Company : DC Government
Duration : 9/30/18 +
Posted : 16 Feb 2018
Job Seekers, Please send resumes to
Required Skills - Senior App Sec Assessment Eng., Info Security, Nexpose, Nessus, Qualys, patch mgmt. 

Years of experience: 11+ years' experience.

Job Description:

As a member of the security team, the Application Security Assessment Engineer is responsible for IT system and application vulnerability assessment using security assessment tools. This position is also responsible for continuous monitoring, routine scanning, and on-demand scanning as part of the application or system deployment process.

The consultant should have demonstrated experience in assessing and recommending required security controls for enterprise applications.
The consultant should be well-versed in conducting vulnerability and security assessments and penetration tests.


  • Familiarity with OWASP and NIST standards for application and network assessments
  • Perform vulnerability assessments of all network systems including scanning and analysis of the target networks.
  • Perform security assessments of new and existing applications by performing periodic scans.
  • Research platform specific disclosed vulnerabilities and analyze the impact to the enterprise.
  • Working knowledge of Web Application firewalls is necessary.
  • Have a strong understanding of the Ethical Hacker processes and procedures
  • Responsible for creating documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels
  • Strong knowledge and ability to operate vulnerability assessment and application assessment tools (e.g. Nexpose, Appspider, Qualys, Tenable).
  • Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies; behavior-based protection a plus).
  • Knowledge of LAN/WAN design and general internetworking technologies. Hands-on experience a plus.
  • Knowledge of Windows and Unix operating systems. Hands-on experience a plus.
  • Manage and maintain assessment platforms.
  • Knowledge of open source packages such as Kali Linux or Metasploit
Specific Skills

  • Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:
  • 5+ years of Information Security experience.
  • 3-5 years demonstrated operational implementation and use of Nexpose, Nessus, Qualys or similar scanning tools.
  • 3-5 years demonstrated operational implementation and use of Application security assessment tools e.g. Appspider, Trustwave, Fortify, Qualys or similar scanning tools.
  • Demonstrated understanding of patch management tools for Windows and Unix environments.
  • Demonstrated understanding of software development lifecycle and secure coding techniques.
  • Scripting knowledge is a plus (e.g. Python, shell scripting, JavaScript).
  • Able to explain Application vulnerabilities to programmers and application owners.


B.A. or B.S. degree in Computer Science or Information Systems, or six years of equivalent experience in a related field.

Security+ Certification, CEH or other security certifications desired.

Basic programming experience is a plus

Tool specific certification (Rapid7, Nessus, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.


Complete Description


  • Determines enterprise information assurance and security standards.
  • Develops and implements information assurance/security standards and procedures.
  • Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers' requirements.
  • Identifies, reports, and resolves security violations.
  • Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Supports customers at the highest levels in the development and implementation of doctrine and policies.
  • Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
  • Performs analysis, design, and development of security features for system architectures.
  • Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers.
  • Designs, develops, engineers, and implements solutions that meet security requirements.
  • Provides integration and implementation of the computer system security solution.
  • Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
  • Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
  • Ensures that all information systems are functional and secure.