More information about this job
Spry is a certified Small Disadvantaged Business (SDB) headquartered in McLean, VA. Spry provides Enterprise, C4IT, Management, and Cyber Solutions to the federal government and commerical entitites. Founded in 2001, Spry Methods was built on the foundation of combining industry knowledge with unmatched responsiveness to produce results for our customers. Our goal is to build a business dedicated to the maximization of value for all stakeholders starting with our employees, our customers, and our community. We recognize that talented and dedicated employees are our most valued assets and the foundation of our success. Guided by these principles, we have established an impressive track record of proven past performance serving our customers within the Commercial, Federal Civilian, DoD, and Intelligence Communities. A CMMI Level 3 certified and ISO 9001:2008 registered company, Spry is committed to quality and continuous improvement.
Spry Methods is seeking experience Security Tester to serve on a Security Assessment Team in Washington, DC.
The Tester must be comfortable researching and understanding a wide-variety of existing and emerging technology, have the ability to participate in the aggressive testing schedule of the Security Assessment Team (SAT) and appropriately contribute to the daily workload of a highly skilled and diverse group of security assessment testers.
Job Responsibilities and/or Success Factors
- Automated & manual testing of information systems
- Vulnerability assessments
- Penetration testing of corporate and/or government networks and infrastructure
- Source code review
- Web application testing
- Threat modeling/simulation
- Test plan development, execution and reporting
- Social engineering
- Networking background including experience with Cisco or Juniper firewalls, routers, and switches
- SOC experience which may include IDS/Sourcefire, Wireshark, or Pack level forensics analysis experience
- Understanding of emerging technologies
Required skills and experience include
- Have a broad knwoledge of security methodologies, solutions and best practicies.
- Have a broad knwowledge of the technical and non-technical tactics, techniques and procedures used by adversaries to exploit information systems.
- Experience to conduct advanced tests that simulate malicious users.
- Have experience with multiple open source and commercial testing tools. A non-comprehensive list includes Nessus, App Detective, Metasploit, Burp Suite, and nmap.
- Advanced understaning of the strengths and weakneeses of security tools. Ability to select the right tool for the job. Abiltiy to configure and troubleshoot tools if necessary.
- Be comfortable using, configuring, troubleshooting, and administrating both UNIX based and Microsoft operating systems. Candidates should also have extensive systems engineering experience with at least one of these OSs.
- Have a solid understanding of the makeup and structure of the intelligence community, Department of Justice and FBI. Candidate should understand security policies of these organizations, as well as security guidelines published by the National Institute of Standards (800-53).
- Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of data related to complex systems. Ability to articulate thoughts and findings in a concise and comprehensive manner. Candidate should also have a strong professional bearing.
Must have an expert understanding of at least one of the following technologies and their security vulnerabilities:
- Web applications and technologies: advanced understanding of application programming languages, application servers, web services, and web browsers. Candidate should also understand the vulnerabilities related to these technologies, as well as security best practices when using them. Candidate should alos be able to use automated assessment tools and manual testing techniques to assess these applications. Familiarity with OWASP testing methodology is also required.
- Networking technologies: expert proficiency with various networking skills and technologies, including (but not limited to) Cisco hardware and IOS, firewalls, IDS and IPSs, packet analysis, and high level network architecture fundamentals.
- Enterprise solutions, storage and databases: advanace understanding of relational database, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
- Cross domain solutions and trusted operating systems: advanced experience with a range of Cross Domain Solutions, or CDSs, and advanced understanding of the unique security requirements of CDSs and trusted OSs such as trusted Solaris.
- Virtualization technologies: advanced experience with VMware products and Microsoft virtualization technologies.
- Mainframes: advanced understanding of mainframe hardware and software, to include OSs. Candidate should also understand mainframe security best practices.
One of the following certifications is required:
- Certified Information Security Professionals (CISSP)
- SANS GIAC Certified Incident Handler (GCIH)
- GIAC Certified Penetration Tester (GPEN)
- GIAC Certified Web Application Penetration Tester (GWAPT)
At Spry, we believe talented and dedicated employees are our most valued assets and the foundation of our success. We are committed to crafting a diverse and inclusive workplace that endorses engagement, creativity, quality and innovation.
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.