Job ID :
Company :
DC Government
Location :
Type :
Duration :
9/30/18 +
Salary :
Status :
Openings :
Posted :
13 Mar 2018
Job Seekers, Please send resumes to
Required Skills - App Sec Assessment Eng., IT security architecture & systems, security assessment tools. 

Years of experience: 11+ years’ experience.

Job description:


As a member of the security team the Application Security Assessment Engineer is responsible for IT system and application vulnerability assessment using Security Assessment tools. 


As a member of the security Team this role is responsible for IT system and application vulnerability assessment using Security Assessment tools.  This position is also responsible for continuous monitoring, routine scanning, on demand scanning as part of application or system deployment process.  

The consultant should have demonstrated experience in assessing and recommending required security controls for enterprise applications. Consultant should be well-versed in conducting vulnerability and security assessments and penetration tests



  • Familiarity with OWASP and NIST standards for application and network assessments
  • Perform vulnerability assessments of all network systems including scanning and analysis of the target networks.
  • Perform security assessments of new and existing application by performing periodic scans.
  • Research platform specific disclosed vulnerabilities and analyze the impact to the enterprise
  • Working knowledge of Web Application firewalls is necessary
  • Have a strong understanding of the Ethical Hacker processes and procedures
  • Responsible for creating documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels
  • Strong Knowledge and ability to operate vulnerability assessment and application assessment tools (e.g. Nexpose, Appspider, Qualys, Tenable)
  • Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies -- behavioral based a plus).
  • Knowledge of LAN/WAN design and general internetworking technologies. Hands-on experience a plus.
  • Knowledge of Windows and Unix operating systems. Hands-on experience a plus.
  • Manage and maintain assessment platforms.
  • Knowledge of open source packages such as Kali Linux or Metasploit

Specific Skills


Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:

  • 5+ years of Information Security experience
  • 3-5 years demonstrated operational implementation and use of Nexpose, Nessus, Qualys or similar scanning tools.
  • 3-5 years demonstrated operational implementation and use of Application security assessment tools e.g. Appspider, Trustwave, Fortify, Qualys or similar scanning tools.
  • Demonstrated understanding of patch management tools for Windows and Unix environments.
  • Demonstrated understanding of software development lifecycle and secure coding techniques.
  • Scripting knowledge is a plus (e.g. python, shell scripting, Java script)
  • Able to explain Application vulnerabilities to programmers and application owners


  • B.A. or B.S. degree in Computer Science
  • Security+ Certification, CEH or other security certifications desired.
  • Basic programming experience is a plus.
  • Tool specific certification (Rapid7, Nessus, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.


Complete Description


  • Determines enterprise information assurance and security standards.
  • Develops and implements information assurance/security standards and procedures.
  • Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers’ requirements.
  • Identifies, reports, and resolves security violations.
  • Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Supports customers at the highest levels in the development and implementation of doctrine and policies.
  • Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
  • Performs analysis, design, and development of security features for system architectures.
  • Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers.
  • Designs, develops, engineers, and implements solutions that meet security requirements.
  • Provides integration and implementation of the computer system security solution.
  • Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
  • Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
  • Ensures that all information systems are functional and secure.

Minimum Education/Certification Requirements:

  • Bachelor’s degree in Information Technology or related field or equivalent experience.