- Work closely with target organizations to ensure full comprehension of the standard security controls; conduct site visits as required.
- Assist with security controls compliance assessments using established matrixes of tailored control and provide expert support in assessments of target organizations.
- Provide support to Vulnerability Management programs.
- Provide support to assessed organizations to ensure proper tracking of Plan of Action and Milestone (POA&M) items.
- Provide support and conduct annual reviews of the security controls (or some subset of the security controls) to ensure continued compliance as requested.
- Assist with establishing footholds on endpoints within monitored organizations networks to provide day-to-day visibility into the security posture.
- Provide expert support for the development and maintenance of develop of processes and best-practices for evaluating A&A data through a standard scorecard.
- Utilize industry standard tools for automating the review of system configuration and security control compliance.
- Conduct periodic NIST controls assessments in support of network authorization and continuous monitoring.
- Provide detailed observations from controls assessments in the form of Security Assessment Report (SAR) and Risk Assessment Report (RAR) documents.
- Employ a scan-patch-scan methodology to ensure all systems identify and receive appropriate security patches.
- Conduct vulnerability scanning using industry standard tools (e.g., Tenable Nessus) on a weekly to bi-weekly basis.
- Report scan result data to appropriate system administrators to aid in the deployment of system updates and patches.
- Develop a mitigation plan detailing a prioritized timeline for patch deployment (e.g., day patch deadlines based on each finding's severity level).
- Conduct false positive analysis and vulnerability analysis to determine the legitimacy of all detected vulnerabilities as well as prioritize their remediation.
- Configure the identified application to effectively ingest, process, and report vulnerability data collected during assessments as well as data provided from organizations' self-assessments.
- Conduct long term trend analysis, identifying improvements or degradations in system security posture across the enterprise.
- Provide dashboard views of data roll-ups from all facets of assessed systems (e.g., risk, vulnerability data, POA&M status) to present high-level executive summary reports to government leadership.
- Ability to conduct Vulnerability Assessments using industry tools - NESSUS, Tenable, etc. Experience with Tenable or ) in an enterprise environment highly preferred.
- Experience in vulnerability management strategies, standards, procedures and technologies across infrastructure and application-level vulnerabilities.
- Experience scanning Windows, RHEL and Centos Operating Systems and troubleshooting scans, to include the ability to communicate with customers daily describing the results of scans.
- Experience scanning Virtual environments to include VMware vSphere infrastructures.
- Network devices, Databases (Oracle, MSSQL, MySql, Postgres), and websites web with
- Intermediate to advanced knowledge of the following platforms in an enterprise environment: Windows and RHEL, routing, switching, IDS, IPS, Firewalls.
- An understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, application flow charting, and session analysis.
- Bachelors in Cybersecurity, Computer Science/Electrical Engineering, Engineering, or IT
- Shall possess one or more of the following certifications: (ISC)2 Certified Information Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), SANs GIAC certification (e.g., GPEN or GW APT), and EC-Council Certified Ethical Hacker (CEH)
- Ability to obtain and maintain a customer required Top Secret clearance with SCI eligibility and pass a Counterintelligence (CI) polygraph.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Comprehensive knowledge in the one or more of the following areas: information security, network security, Windows security, UNIX/Linux security, and web application security.
- Demonstrated success and understanding of accepted frameworks such as, ISO/IEC 27001, COBIT, and NIST, including rev 5 and the ATO process.
- Ability to research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits.
- Washington, D.C.
-
Financial Data Scientist Senior Associate
3 weeks ago
Fannie Mae WASHINGTON, United States Full timeJob Description · As a valued colleague on our team, you will contribute to supporting the team in applying mathematical models, advanced tools or techniques (such as SAS, Python, and R), and financial industry knowledge to business or financial data, including model results. Yo ...
-
Chemical Engineer/Process Engineer
2 weeks ago
Eclipse Enterprises Monument, United StatesVTU Engineering designs process plants for the industry in the fields of pharmaceuticals, chemicals, oil & gas. We offer the highest expertise in all project phases, from process development to project management, basic and detailed engineering, and commissioning. We are a recogn ...
-
L3 Technologies Springfield, United StatesJob Title: Senior Specialist, Operational Assessments (TS/SCI w/ CI Poly Clearance Required) · Job Code: 10136 · Job Location: Springfield, VA · Job Description: · L3Harris Technologies has an opening for a Senior Specialist, Operational Assessments SME for an important natio ...
-
L3Harris Springfield, United StatesJob Title: Senior Specialist, Operational Assessments (TS/SCI w/ CI Poly Clearance Required) · Job Code: 10136 · Job Location: Springfield, VA · Job Description: · L3Harris Technologies has an opening for a Senior Specialist, Operational Assessments SME for an important natio ...
-
Middle Market Risk Engineering Consultant
3 weeks ago
Zurich Insurance Company Washington, United States Full timeZurich Risk Engineers travel to customer locations to perform risk assessments and advise customers in a wide array of industries. Risk Engineering takes an approach that emphasizes consulting and prevention of losses using engineering approaches and expertise rather than just fo ...
-
Sr Research Engineer
3 days ago
KBR Washington, United StatesTitle: · Sr Research Engineer - Advanced Technology & Rapid PrototypingLocation: North Charleston SC, San Diego, CA, DC/metro Area with flexibility with remote and hybrid teleworking. · Job Description: · KBR is a leading provider of innovative solutions for defense, technology, ...
-
Senior Cybersecurity Systems Engineer
1 week ago
Modern Technology Solutions Washington, United StatesOwn Your Future. · Modern Technology Solutions, Inc. (MTSI) is seeking a Cyber Security Systems Engineer , Weapon Systems Cybersecurity professional to join our team. You will provide security engineering, assessment, and weapon systems security oversight activities that support ...
-
Hull Systems Engineer
2 weeks ago
ManTech Washington, United States Full timeSecure our Nation, Ignite your Future · Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you'll help protect our national security while working on innovative projects that offer ...
-
Enterprise Vulnerability Assessment Program Operator
22 hours ago
ECS Washington, United StatesECS is seeking an Enterprise Vulnerability Assessment Program Operator to work in our Washington, DC office. Please Note: This position is contingent upon additional funding. · Job Description: · In support of a premier Law Enforcement agency, we are looking to expand our industr ...
-
Electrical Engineer
3 weeks ago
Page Southerland Page, Inc Washington, United States Full timeOverview · At Page, we promise design that makes lives better. We're actively seeking talented people to join an empowered employee environment. Page provides architecture, engineering, interiors and consulting services on large, complex projects around the world. We credit the s ...
-
Alpha Consulting Corp Washington, United StatesHello, · My name is Anubhav and I'm a recruiter at Artech. We are constantly on the lookout for professionals to fulfil the staffing needs of our clients, and we currently have a job opening that may interest you. Please find below, summary of the position. · If you are currently ...
-
Cybersecurity Engineer
2 weeks ago
Amentum Washington, United States Full timeAmentum is seeking Cybersecurity Engineers to join our team and support our customer. We are looking for team members who are passionate about making a difference by working on critical efforts we manage as a premier government contractor. · We are pipelining candidates for futur ...
-
Systems Engineer
2 weeks ago
Leidos Washington, United States Full timeDescription · Systems Engineer · Are you looking for an opportunity to make an impact? · At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communi ...
-
Senior .NET Engineer
3 hours ago
Cambium Learning Washington, United States Full timeJob Overview: · Do you want to be a part of something innovative and cutting edge? If your answer is yes, then join our team of more than a hundred software engineers, designers, project managers and software specialists that are smart, creative and excited by what they do Some o ...
-
Senior Systems Engineer
6 days ago
ManTech Washington, United States Full timeSecure our Nation, Ignite your Future · Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you'll help protect our national security while working on innovative projects that offer ...
-
Program Analyst
2 days ago
Tyto Athene, LLC Washington, United StatesTyto Government Solutions, Inc. is seeking a Program Analyst to support a Government Program Management Office (PMO) at the Washington Navy Yard. · Responsibilities: · Work location is 100% on government site. · Provide life cycle support to Government Program Manager including p ...
-
Systems Engineer/CWMD
2 weeks ago
Systems Planning and Analysis Washington, United StatesOverview · Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US ...
-
Senior Technical Operations Advisor
12 hours ago
LMI Washington, United StatesOverview · LMI is currently seeking senior-level technical operations advisor with TS/SCI clearance (with polygraph) and more than 15 years of experience in the Defense Intelligence Enterprise and/or Intelligence Community. · LMI is a consultancy dedicated to improving the busin ...
-
Network Security Engineer
2 weeks ago
Seneca Resources Washington, United StatesRole Description: · As a Junior Network Security Engineer, you will be instrumental in upholding the security and reliability of the organization's network infrastructure. Your primary responsibility will revolve around overseeing network security operations within a multi-tenant ...
-
Engineer 3
6 days ago
M.C. Dean Washington, United States|| []; function gtag(){(arguments);} gtag('js', new Date()); gtag('config', 'UA '); · Job Description: · Meet with the customer to understand the security needs and develop requirements and test plans. · Identify candidate technologies and evaluate them against the defined requ ...
Vulnerability Assessment Engineer - Washington, United States - ShorePoint
Description
Job Description
Job DescriptionSalary:Who we are:
ShorePoint is a fast-growing, industry recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a "work hard, play hard" mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.
The perks:
As recognized members of the Cyber Elite, we work together in partnership to defend our nation's critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certification maintenance and reimbursement, etc.
Who we're looking for:
We are seeking a Vulnerability Assessment Engineer who has experience providing support in a dynamic, fast-paced environment within the public sector. The Vulnerability Assessment Engineer will perform comprehensive assessments that produces actionable security recommendations that are tailored to the assessed environment, to include vulnerability assessment and vulnerability management. This is a unique opportunity to join an exciting company where you will have a voice and be an active participant in driving growth and shaping our companies' culture.
What you'll be doing:
What you need to know:
Must have's:
Beneficial to have the following:
Where it's done:
Vulnerability Assessment Engineer professionals in Washington, D.C.
-
Mark Victor Lagumbayan
Document Controller / Construction Administrator