Security Engineer - Mid Level

Alltech International

Herndon, VA

5 - 7 years

Posted 214 days ago

Alltech is an award-winning provider of IT services with nationwide project capabilities. Since 1994, Alltech’s focus on quality support to the Federal Government and Government Integrators has led it to become a leader in the Federal Services marketplace.

Description:

Alltech is seeking a Mid-Level Security Engineer with 6+ years of hands-on IT experience specializing in security and an understanding of web application technologies, security architecture, and NIST 800-53 to join our team in Herndon, VA.

US Citizen (or Green card only if you have lived in the US for the last 3 years continuously as a legal resident.)

Duties:

  • Perform vulnerability assessments and security control validations; document and track findings to closure (30%)
  • Correlate and tune network, system, and application devices for security event monitoring (20%)
  • Participate in architecture reviews and change control board (CCB) reviews, and assist with validation of CCB-approved changes (15%)
  • Analyze vulnerability findings and POA&Ms to provide recommendations and assist with implementation of changes (20%)
  • Review system logs to validate remediation fixes and perform incident response investigations (15%)

Required:

  • UNIX and Windows system hardening
  • POA&M remediation experience for Web, Application, and Database
  • Access Control Management
  • Red Hat Enterprise Linux
  • Apache Web Server, JBoss app server OR similar software
  • Experience with log collection and analysis
  • Enterprise-level Java-based system integration
  • Understanding of and experience with TCP/IP, networking, DNS, SMTP, and HTTPS
  • Security Certification (CISSP, CISA, CISM, Security+ or similar)

Desired:

  • Open Source security tools
  • Nessus, AppDetective, WebInspect or similar
  • IPS (Cisco, Sophos, Snort, or similar)
  • IDS (OSSEC, AlienVault, or similar)
  • Firewall (Check Point/Cisco)
  • Splunk or similar SIEM technologies
  • Understanding of and experience with the OWASP Top 10