Sr. Information Security Engineer: Penetration Testing

Location: Washington, DC

Job Description

Our client is seeking a highly motivated, flexible, organized, and detail-oriented Sr. Information Security Engineer – Penetration Testing to join our dynamic team in Rockville, MD. If you want to learn, grow, and help, then this is the job for you.

We support a project/customer that "seeks to better understand, treat, and ultimately prevent infectious, immunologic, and allergic disease [and] seeks fundamental knowledge about the nature and behavior of living systems and the application of that knowledge to enhance health, lengthen life, and reduce illness and disability." What you do matters and has a significant impact on the medical and scientific communities we serve.

This role will be primarily responsible for performing penetration testing of systems and networks within the network environment to identify vulnerabilities and weaknesses, to identify where those systems/networks deviate from acceptable configurations or policies, and to measure the effectiveness of the defense-in-depth architecture against known/detected vulnerabilities, as required by federal cybersecurity standards and guidelines.

Essential Duties and Responsibilities

  • Analyze organization's cyber defense policies and configurations and evaluate risk and compliance with regulations and organizational directives.
  • Conduct, support, and oversee authorized penetration testing on enterprise network assets.
  • Prepare and review reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Perform risk analysis and measure the effectiveness of controls against known vulnerabilities.
  • Work with stakeholders (system administrators and owners) to manage risks/vulnerabilities.
  • Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) impact/risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
  • Identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
  • Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; provide clear updates to management on vulnerabilities; investigate, document, and report on status and emerging trends.
  • Maintain up-to-date vulnerability profiles, including the respective detection methods and countermeasures.
  • Participate in industry task forces and working groups, where appropriate, to stay current on existing and emerging vulnerabilities.

Job Requirements
  • Minimum 5 years' experience in at least 3 of the following:
    • Use of vulnerability management and penetration testing tools (e.g., Metasploit Pro, Core Impact, OpenVAS, Burp Suite, Nmap, Sqlmap).
    • Scripting using one or more of the following: Python, Ruby, Bash, C/C++, C#, or Java.
    • Establishing/improving penetration testing policies, procedures, exceptions, and operations.
    • Leading or participating in cross-functional efforts for managing organization-wide risks.
    • Collecting, analyzing, reporting, and briefing discovered vulnerabilities.
    • Use of industry-standard and widely accepted penetration testing and analysis principles and methods.

Must know
  • Risk management processes (e.g., methods for assessing, mitigating, and accepting risks).
  • Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, and non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity and access management (e.g., PKIs), computer networking concepts and protocols, and network security methodologies.
  • Ethical hacking principles and general attack stages; specific operational impacts of cybersecurity lapses; programming language structures and logic.
  • Basic system administration, network, and operating system hardening techniques.

Must be
  • Able to communicate complex technical issues, verbally and in writing, with simplicity and clarity.
  • Strong in interpersonal skills, with excellent attention to detail and analytical skills.
  • Able to exercise discretion and maintain confidentiality.
  • Proficient in reporting and answering analytical questions using vulnerability data.

Qualifications
  • BA or BS degree in MIS, CS, or a related cybersecurity discipline (Master's preferred).
  • Industry certifications such as CEH, CRISC, GRCP, or related GIAC certifications (preferred but not required).
  • Applicants selected will be subject to a Public Trust background security investigation and may need to meet eligibility requirements for access to sensitive information. US citizens or permanent residents preferred.

Benefits
  • Paid Time Off (PTO)
  • 9 paid federal holidays
  • Various wellness programs
  • Free parking at corporate offices
  • Employee Referral Bonus Program (ERBP)
  • Vision coverage through the UHC national network
  • Dental coverage through the UHC national network
  • 401(k) with significant company match and no vesting period
  • Short- and long-term disability coverage (paid by company)
  • Competitive salaries with opportunity for performance bonuses
  • Discount plan for pet care, legal services, and identity theft protection
  • Basic Life and AD&D coverage (paid by company; option to purchase additional coverage)
  • Medical coverage through the UHC national network (option to choose between 3 available plans)
  • Flexible Spending Accounts:
    • Healthcare (FSA)
    • Parking Reimbursement Account (PRK)
    • Dependent Care Assistance Program (DCAP)
    • Transportation Reimbursement Account (TRN)