Job Description:
Immediate Need

Need Visa Copy & Photo ID Copy

Sr. Systems Security Specialist
Baltimore, MD
3-year contract

Conduct Static and Dynamic Application code and security vulnerability testing.
Conduct Penetration testing on Enterprise applications and recommend remediation using available tools and technologies.
Educate and support application developers and administrators in fixing security vulnerability issues in all tiers of applications including network, database and web/application servers.
Perform incident response and forensics evaluation using security information and event management (SIEM) tools.
Work with Systems and Network Administrators to evaluate and enforce security controls and hardening rules as determined by industry standards for state and federal security compliance requirements.
Integrate applications with SIEM tools and log aggregation / analysis tools such as Splunk.
Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle.
Conduct daily/weekly security audit log reviews and report any suspicious activities.
Conduct security impact analysis of controls on proposed system changes.
Conduct ongoing security reviews and tests of the MHBE systems to periodically verify that security and operating controls are functional and effective.
Review and update systems security documentation and artifacts such as SSP, ISRA, PIA, SSR, CAP and POA&Ms.
Create and track POA&M requirements for resolving security findings.
Adhere to all security, change control and MHBE Project Management Office (PMO) policies, processes and methodologies.

Minimum Qualifications:
A minimum of eight (8) years of experience in analysis and definition of system security requirements.
A minimum of five (5) years of experience in performing static analysis of applications using different tools and technologies such as Fortify, AppScan, Veracode and SonarQube.
A minimum of five (5) years of experience in performing dynamic / customized security analysis of web applications using various tools and technologies to perform penetration testing, identify vulnerabilities/security issues and suggest remedial measures.
A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of two (2) years of experience working with Web Application Firewall (WAF) and Content Delivery Network (CDN) tools such as Akamai, Incapsula, AWS WAF and Cloudflare.
Active CISM, CISSP, CISA, or other security certifications.
Experience in performing security incident response and forensics evaluation with SIEM tools.