Senior Cybersecurity Vulnerability Testing Specialist
The Senior Cybersecurity Vulnerability Specialist will use web security inspection tools to perform security testing of production web application servers. The chosen candidate will perform web-based vulnerability testing with tools on production systems that are upgraded or coming online. Once the vulnerability tools are run, candidates will be required to analyze results and write reports based on their findings and follow up with systems owners about the results of the tests.
Specifically, the candidate will:
Perform security testing activities that include vulnerability discovery and risk analysis, which includes recommendations for risk mitigation.
Perform security testing of IT assets that are in a pre-production or pre-deployment capacity, such as web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, and common application platforms.
Conduct kickoff meetings and exit briefings
Meet with business owners to respond to ad-hoc questions, test findings, or other IT security related concerns
Prepare technical responses to security questions
Develop content for security articles, Electronic Learning Modules, IT Security Resource Packets, Configuration Guides, and IT brochures.
Actively participate in team activities, to include recurring team meetings and process improvement discussions.
Develop and present vulnerability and security testing demonstrations for business owners and team members.
Bachelor's degree and 6 years of IT experience (or High School Diploma and 12 years of IT experience).
At least 6 years of experience in cybersecurity management, operational, and/or technical activities.
At least 4 years of experience with the National Institute of Standards (NIST) cybersecurity standards and best practices.
Candidates should understand how the testing directly correlates to the Federal Risk Management Framework (RMF) or the Judiciary Information Security Framework (JISF).
Candidates must be able to interpret testing results/categories back to the NIST/RMF framework and provide a non-technical brief to system owners.
At least 2 years conducting IT security testing in a business environment.
Understanding of IT security testing and appropriate tools.
Knowledge of potential vulnerabilities and threats to existing web applications, databases, and operating system technologies.
Knowledge of cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Verification Standard and security testing tools, i.e., CoreImpact, Qualys Guard, Nessus, Metasploit, App Detective, App Scan, Burp Suite, HP Web Inspect, Kali [BackTrack], NMAP
Capable of performing security testing of Judiciary IT assets, gathering and aggregating testing data for trend analysis, developing and maintaining documentation to support the testing process, and actively working to ensure the testing process matures in-line with industry and Judiciary requirements and expectations.
Attention to detail.
Possess one of the following industry-recognized cybersecurity certifications:
GIAC Certified Incident Handler (GCIH)
Offensive Security Certified Professional (OSCP)
GIAC Penetration Tester (GPEN)
GIAC Web Application Penetration Tester (GWAPT)
Offensive Security Web Expert (OSWE)
Certified Ethical Hacker (CEH)
Preferred Undergraduate/Graduate Education
Attending/attended a cybersecurity program at a college/university.