---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Location: Falls Church, , United States
Type: Permanent F/T
Closing Date: 2007-02-16
Join us for a rewarding career in IT Security! IntelliDyne, LLC is a rapidly
growing, highly respected IT consulting company, based in Falls Church, VA.
Ranked 7th last year on Washington Technology Magazine’s “Fast
50” list, we offer premier IT services and solutions that improve the
performance of both public and private sector organizations. IntelliDyne
combines its superior technical expertise with a staunch commitment to customer
service to offer customers a formula for success. As technologies are
increasingly interconnected with the people, organizations and societies that
are dependent upon them, we help provide the linkages. Since 1999, we have
been a market leader. IntelliDyne was named as the #4 company on Deloitte &
Touche’s “Tech Fast 50” list for Virginia’s top technology
companies in 2005.
See us at: www.intellidyne-llc.com
Number of Available Positions: 1
Location of Position: Falls Church, VA
Position Description
• An Information Assurance (IA) Security Engineer evaluates the security
posture of systems, and makes recommendations to the Security Analyst,
Certifying Authority, and the Approving Authority.
• Provides direction, technical experience, and work assignments to
direct other Engineers; reviews work products for correctness and adherence to
DITSCAP/DIACAP and other IA Standards, and tracks progress against work
schedules.
• Prepares deliverables and delivers presentations in all areas of
expertise to colleagues, subordinates, and end-user representatives.
• May coordinate with the Task Manager to ensure problem resolution and
user satisfaction.
• Conducts technical assessment of Networks, Systems and Applications
with automated scan tools. Security Readiness Review (SRRs) and Security
Technical Implementation Guides (STIGs).
• Interfaces with external customers to provide IA subject matter expert
support throughout the system development lifecycle.
• He/she evaluates and assesses compliance with established IA policies
and regulations and advises management on IA trends and solutions.
JOB REQUIREMENTS
---------------------------------------------------
• Senior Engineer will have a minimum of five (5) years, while an
Engineer will have a minimum of three (3) years of related experience.
• Must have direct experience conducting Certification and Accreditation
(C&A) testing activities as outlined in DITSCAP/DIACAP to include: data
gathering, performing risk assessments, conducting security test and
evaluations (ST&E), evaluating certification documentation and contingency
plans (COOP, etc.), and conducting manual application testing.
• Must have a working knowledge of Service CoN process, OMB Circular,
DoD, NIST, FISMA, and other security/IA-related military/Federal requirements.
• Experience in security controls for LAN/WANs, mainframes, client
server, web-based systems, and databases are a benefit.
• Must have good writing and communications skills.
• Must have a Bachelor’s degree in Information Systems (or related
field), or a minimum of three (3) years direct experience in information
systems management, development, and operations.
• Applicants selected will be subject to a government security
investigation and must meet eligibility requirements for IT (ADP) II.
• Additionally, applicants must be certified, or achieve certification
within six months of employment, as an Information Assurance Technical (IAM)
II, IAW DoD 8570.1-M.
General Experience
• Senior Engineer will have a minimum of five (5) years, while an
Engineer will have a minimum of three (3) years of related experience.
• Experience may directly relate to the proposed task area of
responsibility and may include a broad range of assignments performing
difficult analytical assignments and/or technical requirements and analysis.
• Testing tools utilized may consist of DoD IA Information Technology
(IT) Security Checklists, and/or automated Vulnerability Identification Tools.
The following is a list of tools typically available for use:
• DISA Security Readiness Review (SRR) scripts
• DISA Gold Disk
• DISA Checklist(s)
• Nmap – Transmission Control Protocol/User Datagram Protocol
(TCP/UDP) port scanner. Nmap is Open Source software released under the GNU's
Not Unix (GNU) General Public License
• Nessus - Nessus is a vulnerability scanner that will perform external
system tests and produce a report specifying exploitable vulnerabilities and
items of concern. Nessus is Open Source software
• AppDetective – AppDetective is a vulnerability assessment scanner
that discovers database applications within the infrastructure and assesses
their security strength. AppDetective locates, examines, and reports security
vulnerabilities and misconfigurations
• McAfee Foundstone - Foundstone scanner is used to identify
vulnerabilities within network devices, system servers, and operating systems.
Foundstone performs probes of network communication services, operating
systems, routers, firewalls, and applications, thereby identifying system
weaknesses, which could result in unauthorized network access
• eEye Retina – Retina Network Security Scanner is a network
vulnerability scanner used to perform external system tests and report on known
system vulnerabilities and prioritize threats
• Ethereal - Ethereal is a network protocol analyzer that allows the
engineer to capture data packets from a live network for analysis. Ethereal is
Open Source software released under the GNU General Public License
• SuperScan - Connection based TCP port scanner
Specialized Experience
• Knowledgeable of DoD guidelines concerning Defense IM and concepts of
planning, budgeting, evaluating, and acquiring health automated information
systems.
• May be knowledgeable in theories, concepts, and practices in the
disciplines of health services management, and strategic information management
and systems.
• Should be knowledgeable of management issues related to health policy
and management systems of the Office of the Secretary of Defense (OASD) Health
Affairs (HA), their interrelationships with the Services, other DoD component
organizations, other Federal agencies with a health care mission, and
private-sector health care initiatives.
Capabilities / Duties
• Ability to perform security testing and analysis of DoD systems for
compliance with security requirements.
• Ability to use a variety of security techniques, technologies, and
tools to implement security solutions in computer systems and networks.
• Participates in some phases of the systems lifecycle including systems
development, integration, and testing.
• Assists in computer security penetration studies.
• Analyzes and documents security requirements for computer systems,
which may include mainframes, workstations, and personal computers.
• Designs, develops, engineers, and implements common solutions to
security requirements.
• Gathers and organizes technical information about an organization's
mission goals and needs, existing security products, and ongoing programs in
computer security.
Knowledge Skills, and Abilities (KSA)
1. Knowledge of commonly applied testing and assessment of security principles,
concepts, and methodologies in performing information, physical and industrial
security programs for Federal systems.
2. Knowledge of security classification methods, concepts, access eligibility
requirements, and the process for granting security clearances/information
accesses.
3. Knowledge of security incident handling policy and procedures.
4. Knowledge of current federal policies and procedures applicable to
development in security to include FISMA and NIST security guidelines.
5. Skill with use of automated testing tools, such as eRetina, AppDective, etc.
6. Skill and experience with SRR and Script testing.
7. Skill in use of DIACAP and VMS database
8. Ability to analyze and evaluate system test results and provide recommend
action.
9. Ability to analyze and evaluate reports and conditions to develop/recommend
action.
10. Ability to obtain an IT Level II clearance access.
Interested applicants should send their resumes to: slai@intellidyne-llc.com
IntelliDyne offers competitive salaries, as well as an impressive benefits
package that includes: Company paid employee medical, vision and dental plan,
401(k) plan with 50% matching policy, life and short/long term disability
insurance, tuition assistance, parking/Metro benefit, vacation and health club
subsidy. Note: there is NO relocation assistance offered with this opening.
IntelliDyne is an Equal Opportunity Employer.
CONTACT
---------------------------------------------------
Please contact the following recruiiter:
slai@intellidyne-llc.com
IntelliDyne, LLC
Michael Amiri
Recruiting Manager
mamiri@intellidyne-llc.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
