We have an immediate position to fill. Apply now.
Job Title: IT - Test Engineer IV
Location: Falls Church, VA (full-time remote support)
Job Description: Application Security Tester Level IV (candidates in the Falls Church, VA area only; full-time remote support will be considered for local candidates)
This resource will be working with the RISK Team to provide technical security assessments of applications and infrastructure, security design reviews, and risk assessments. This is both a program management and hands-on role, requiring management and technical skills from the hardware to the application layer.
Duties/Knowledge:
Develops general test and evaluation plans to compare current and proposed technologies; assesses test results to determine whether they match requirements specifications
Prepares documents by tailoring technical information and creates benchmark or security authorization reports; outlines key findings related to speed, risks, results and reliability, and recommends acceptance or rejection of technology for applied use
Selects the appropriate technical tests, network or vulnerability scan tools, and/or pen testing tools based on review of requirements and purpose; lists all steps involved for executing selected test(s) and coaches others in the use of advanced research, development, or scan tools and the analysis of comparative findings between proposed and current technologies
Skill in systems engineering, requirements analysis, system development, software development, or hardware development as applied to the information assurance or cyber security field
Prepare the various types of security-related documents, conduct vulnerability scans, and recognize vulnerabilities in security systems
Previous experience with systems integrations including APIs, API security, and Databases
Proficiency in DevSecOps concepts, including the CI/CD pipeline, Jenkins and/or GitHub Actions, and SAST/DAST integration and automation
Experience working with, developing policy for, and securing Docker containers
Proficiency in scripting, such as Python and/or PowerShell
Technical writing skills, along with ease in communicating concepts related to security vulnerabilities and secure coding best practices
Solid understanding of SAST and DAST tool output, reconciling findings, and validating them as true positives
Prior experience with Burp Suite Professional, or other similar DAST tools
Familiar with the OWASP Application Security Verification Standard (ASVS) and DevSecOps Maturity Model (DSOMM)