Careers - Vaultes

Virginia

Conduct web and network-based penetration tests
Conduct vulnerability scans (Web, OS and Database)
Analyze vulnerability scan results, report vulnerabilities and facilitate vulnerability remediation strategies with Points of Contacts (POCs)
Identify false positives and risk acceptance candidates
Clearly understand and communicate risks associated with vulnerabilities
Conduct logical security audits and hands-on technical security evaluations and implementations
Conduct physical security assessments
Develop subject matter expertise of focused capabilities in the topics of database security, wireless security or application and development security

DC Metro

Review current policies and procedures, identify gaps in terms of compliance with Federal and Department (civilian government) requirements and determine which are applicable to the customer’s environment
Research & Development Support includes product reviews, evaluations and recommendations and to determine integration capabilities for all new and existing technologies
Provide recommendations based on feasibility, operational requirements and cost/cost savings in order to support the mission
Monitor the network and provide network security by identifying problems and troubleshooting alerts
Monitoring of security events detected by customers Security tool set. Security events can include intrusion detection events, malicious software detection, events from SIEM tool, vulnerability scans, penetration test findings, audit findings and other network events as it relates to security
Validation and confirmation of security events and assessing impact of the event
Determine solutions to mitigate threats
Provide incident response and mitigation support on compromised systems

Working and holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Technology (NIST) Special Publication (SP) 800-53 (current revision) and NIST SP 800-53A Revision 1
BS degree in Computer Science or related field, MS degree preferred
3 years of C&A/ST&E experience, with two (2) of those years in support of Federal Civil agencies
Experience with RETINA, DISA Gold Disk, DISA STIGS and Security Readiness Review script
Experience managing a small team (3-5 personnel) preferable
CISSP is highly desirable

Washington, DC

Optimize security for the systems with the designated system boundaries
Provide support to help the FISMA POC ensure that the customer’s requirements for IT security are being met
Update System Security Plans and document evidence of NIST SP 800-53 Rev 3/4 internal controls for security
Provide support and assistance to optimize the Configuration Management for Systems based on Published Baselines
Provide support for configuration management compliance reviews and patch management updates and status reporting.
Review and remediate any critical/high impact vulnerabilities scan results
Develop contingency/disaster recovery plans
Update System Test Plans and Evaluations (ST&E) for Annual Control Testing
Ensure that requests for FISMA Assessment and Authorizations are completed
Document security weaknesses in Plans of Action and Milestones (POAMs)

Experience using BURP or Nessus and OWASP web application scanner
2 years of C&A/ST&E experience
Knowledge of NIST IA policies
Experience with RETINA, DISA Gold Disk, DISA STIGS, and Security Readiness Review scripts
BS degree in Computer Science, Information Systems, Engineering or related field preferred
Security+, CISSP is highly desirable but not required
US Citizenship is required