Security Testing Engineer Job in Arlington 22202, Virginia US
Security Testing Engineer
RCM Technologies is a leading provider of IT Business Solutions and Professional Engineering Services to over 1,000 clients in the commercial and government sectors. RCM partners with clients to define, implement, and manage a broad range of technologies across multiple platforms, systems, and networks. Our broad geographic presence ensures that a proven and reliable tactical and strategic capability is available and deployable virtually everywhere in North America. RCM Technologies is currently seeking a Security Testing Engineer for the Pentagon City, VA area.
Location: Pentagon City, VA
PROJECT OVERVIEW: The security testing team directly supports TSA’s Information Assurance Division (IAD). The security testing team is an integrated team consisting of both TSA employees and security experts from Pragmatics and its subcontractor Apptis. The contractor team is collocated with TSA employees at TSA headquarters in Pentagon City. The team’s primary function is to conduct formal Security Test and Evaluation (STE) with emphasis on compliance with TSA policies and standards. The team supports STE of TSA systems and airport systems located in the 50 states and U.S. territories that host an airport within TSA’s purview.
JOB RESPONSIBILITIES: Perform security assessments of web applications, network devices, Windows and Linux based hosts, and databases in support of Security Test Evaluations (STE). Recommend mitigation strategies and identify security risks in accordance with TSA security policies. Analyze emerging security technologies, deployment strategies, and other safeguards during the system life cycle process. Apply security expertise and assist TSA with continuously evolving TSA’s security strategy, tactics, techniques, and procedures for security testing. Provide security design, review, and recommendations for all enterprise security technologies including network devices, VPNs, wireless networks, and PKI within the TSA enterprise. Be prepared to execute long-distance travel on short notice to any of the 50 states and any U.S. territories that host an airport within TSA’s purview.
REQUIRED SKILLS:
- Work experience and full proficiency in web application testing, network testing, and database security testing
- Full proficiency (no assistance required) with one or more web application scanners such as HP WebInspect and Rational AppScan
- Proficiency with web application testing using in-line proxies such as Paros and Burp Suite
- Experience with web application design and development and best practices for implementation of web applications
- Thorough understanding of the OWASP Top Ten Project
- Experience in programming languages such as Perl, PHP, C#, and .NET
- Experience using automated vulnerability scanners such as Nessus and AppDetective
- Familiarity with penetration testing tools and techniques
- Proficiency with network discovery techniques
- Demonstrated communication ability (both verbal and written skills). Must perform briefings and explain vulnerabilities clearly to senior TSA officials
- Ability to work effectively and diplomatically with members of the customer organization
- Ability to work effectively as a member of a security team or independently
DESIRED SKILLS:
- GIAC certification (GPEN, GWAPT)
- CEH certification
- CISSP certification
- Full proficiency (no assistance required) in WebInspect, AppScan, Paros, Burp Suite, Nessus, and AppDetective
EDUCATION AND YEARS OF EXPERIENCE: Bachelor’s degree in a field related to information systems. Eight years of full-time work experience in a position related to IT security.
RCM Technologies is an Equal Opportunity Employer and does not discriminate on the basis of race, national origin, religion, color, gender, sexual orientation, age, non-disqualifying physical or mental disability or any other basis covered by law. Employment decisions are based solely on qualifications and business need.