---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Location: Arlington, Virginia, United States
Type: Permanent F/T
Closing Date: 2007-11-22
Applicants selected will be subject to a government security investigation and
must meet eligibility requirements for access to classified information. Must
be clearable to the Top Secret level.
• Provide consulting services, as a member of a team of security
professionals, to the Office of the Chief Information Security Officer (OCISO)
within the Transportation Security Administration (TSA).
• Serve as a Subject Matter Expert (SME) on application/database security
topics
• Perform risk and vulnerability assessments, penetration tests and
potential incident response, especially relating to applications/databases;
analyze results and make recommendations
• Assist in the development, configuration and C&A of various systems
(especially relating to applications/databases) to ensure adequate security of
high performance, highly available, and mission critical applications
• Providing advisory services regarding the procurement of
application/database technologies
• Assist in designing, establishing and maintaining various other security
products and technologies, to include firewalls, intrusion detection systems,
antivirus, patch management systems, etc.
• Provide input and visibility into emerging security technologies,
deployment strategies and other security protocols to ensure awareness within
the OCISO
JOB REQUIREMENTS
---------------------------------------------------
• Should have extensive experience programming in several languages, such
as ASP/.NET, PHP, Perl, Java, and C/C++.
Experience with:
- Input Validation
- SQL Injection
- Cross Site Scripting
- Buffer Overflows
• Should have extensive experience in Oracle and SQL Server; experience
with additional DBMS, such as MySQL and PostgreSQL, is preferred.
• Strong interest in IT security.
• Familiar with FISMA and government C&A.
• Experience with various principles of IT security, such as access
control, business continuity and disaster recovery planning, cryptography, risk
management, security architecture and design, telecommunications and network
security, etc.
• Experience with various operating systems (Windows, Linux, Unix),
networking technologies, routers, switches, firewalls, VPNs, HIDS, NIDS, patch
management systems, as well as intimate knowledge of TCP/IP, HTTP/S and many
other protocols.
• Experience with various web security assessment tools, such as
WebInspect, AppDetective, Nikto, Paros, WebScarab.
• Experience with other security assessment tools, such as ISS, Nessus,
Core Impact, Metasploit, nmap, Wireshark/Ethereal, Kismet, John, TCPDump.
• Must have excellent communications skills (oral and written)
• 3+ years of experience in the area of applications development
(primarily web-based applications), including experience relating to database
development. At least one year in a security role preferable, especially as it
relates to applications/databases.
• Degree in computer science, information systems or related field with 3
years experience. If no degree, then at least 4 years of related experience is
required.
• CISSP / CISA and vendor certifications (e.g. MCSD, MCSDBA, Oracle DBA)
preferred
CONTACT
---------------------------------------------------
To apply for this position, please visit this site and upload your resume:
http://www.cytiva.com/kcg/apply2.asp?kcg?kcg298?khanson
Knowledge Consulting Group
Katie Hanson
Director of Recruiting
katie.hanson@knowledgecg.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
