About Web is currently seeking qualified candidates for a Security Engineer position in Alexandria, VA.
Summary of Job Duties:
- Install signatures
- Identify exploits
- Web support with a clear understanding of how to test and resolve web security issues (RFI, SQL injection)
- Run vulnerability scans and review the results to assist the courts with remediation
- Data research and correlation
- Test signatures
- Malware analysis
- Escalation point for false-positive examination
- Write security reports and research papers
- Support courts and train Mentors on all tools available (Websense, Foundstone, Symantec, Nessus, Burp, etc.)
- Skills, ability and desire to perform the tasks listed below as and when needed (IDS support level and monitoring level)
You will be part of a team responsible for:
Scheduling, coordinating and conducting server, desktop, laptop and network forensics and documenting results. (Network forensics means the capture, inspection and analysis of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis.)
Providing a vulnerability scanning service for networked or standalone devices. (Vulnerability scanning means the use of various security tools and procedures to examine computer systems to determine weaknesses that could be exploited.)
Designing, conducting and performing penetration testing. (Penetration testing means the security testing in which evaluators attempt to circumvent the security features or security mechanisms of a computer system.)
Participating in the design of security test cases for IT applications and conducting IT security application testing. (Application testing means the examination and testing of a program that may be required to verify that it performs its documented function and to verify that it successfully resists attempts by users of the program to make the program function or respond in an unintended manner.)
Maintaining antivirus software including coordinating and managing the distributions of updates and new releases to judiciary IT systems.
Operating a Security Incident Response Desk to monitor IT security issues and report on those issues and recommended solutions.
Coordinating the aggregation and consolidation of various audit logs to coordinate the generation and distribution of reports that assist in the identification of network threats.
Designing and implementing a host or network intrusion detection system/intrusion prevention system (IDS/IPS).
Operating and maintaining the IDS/IPS systems.
Researching and analyzing IT security questions that may arise.
Planning, implementing and maintaining an encryption program for desktops, laptops, servers and/or removable media.
Designing and coordinating the integration of secure wireless systems into existing local area networks.
Preparing IT security procedural and/or security awareness materials for training and communications purposes. These activities can range from providing subject matter expertise in the development of webinars, on-line training, classroom training, etc.; conducting security training; developing security notices; preparing briefing materials; and presenting information as requested by the Government.
Incorporating security best practices. This encompasses conducting basic security assessments, identifying and tracking vulnerabilities, optimizing the use of security and network management tool sets, assisting network managers and system administrators in the remediation of identified risks.
Assisting in the operation and maintenance of an incident response team. This includes performing activities such as writing notices that address recent security issues; maintaining an IT security website; providing technical evaluation for software testing, penetration testing methodologies, and toolkits; logging and tracking incidents in a problem tracking database or tool; researching, resolving, and closing incidents; performing in-depth ongoing technical threat and vulnerability research, which may include configuring and testing in a computer lab environment; performing research and analysis on computer and network security problems; coordinating technical fixes with vendors and users; and performing technical evaluations of Commercial Off-The-Shelf (COTS) products to facilitate implementation.