BRTRC

Returning Candidate?

Risk and Vulnerability Engineer

Risk and Vulnerability Engineer

ID 
2017-2269
# of Openings 
2
Job Locations 
US-DC-Washington DC
Posted Date 
9/27/2017
Category 
Cyber Security

More information about this job

Overview

BRTRC Federal Solutions is seeking a Risk and Vulnerability Engineer who will provide support to a large government customer for a new 5 year contract. 

 

The selected candidate will perform in-depth technical security assessments and determine deviations from acceptable configurations, enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations. 

 

Ideal candidates must be comfortable in a fast-paced, on-the-job training environment where they will be presented with opportunities to expand and improve their abilities.  The Risk and Vulnerability Engineer should have a solid understanding and demonstrated experience of foundational security concepts such as: networking and networking services (such as DHCP, DNS, TCP/IP, routing and switching), Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), and Database Assessment.

 

This is a full-time salaried position, located in Washington, DC.

Responsibilities

The engineer will participate in all aspects of Risk and Vulnerability management including review of system and application security threats and vulnerabilities, assessment of the robustness of security systems and designs, and applying host/network access controls. The successful candidate will also  use network analysis tools to identify vulnerabilities and identify systemic security issues based on the analysis of vulnerability and configuration data.  Candidates should be analytical, have a strong technical ability, effective task management skills and the ability to communicate effectively.  They will be required to maintain security documentation and be able to bridge the gap between technical details and a non-technical audience.

Qualifications

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)
  • Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)
  • Knowledge of IA principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Demonstrated analytical problem solving and troubleshooting ability
  • Strong written and oral communication skills, and the ability to communicate technical information to a non-technical audience
  • Ability to work independently and in a team

Requirements: 

  • Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
  • At least three (3) years of professional experience in incident detection and response, and at least three (3) years of experience in system administration, database administration, network engineering, software engineering, or software development.
  • Ability to obtain a DoD security clearance

 

Preferred Education, Credentials and/or Experience:

  • Prior vulnerability assessment or penetration testing experience
  • Desired Certifications: SANS GIAC Pen Testing variant, Offensive Security variant, CEH, CCFP, or related.
  • Desired Software Experience: Veracode, Log Management, SIEM
  • Knowledge of common attack vectors, defense in depth techniques, and current threats and trends in Information Security

 

 

 

  About Us:  BRTRC Federal Solutions is a growing company offering a  fast-paced work environment with a  diverse variety of challenges and opportunities. As a mid-sized company, there is minimal corporate hierarchy, which means each individual has the ability to work directly with management and have a voice in the current and future operations, culture and working environment of the company.

 

Compensation and Benefits:

We provide  an excellent compensation package with benefits that include medical, dental, vision, short- and long-term disability, and life insurance.  We also provide a generous 401(k) plan following eligibility.

 

EEO/AA Employer/Vets/Disabled