Job Description :
The District of Columbia government is looking for a resource to join their Security Team in the role of an IT system and application vulnerability assessment consultant.This position will work on location in
Washington, DC.


Description of specific Duties in a typical workday for this position:
Familiarity with OWASP and NIST standards for application and network assessments.
Perform penetration testing on internal application and networks.
Performing Mobile Application Penetration Testing on cots and internal developed applications on both Android and IOS operating systems.
Develop scripts to help automate security assessment processes.
Perform vulnerability assessments of all network systems including scanning and analysis of the target networks.
Perform security assessments of new and existing applications by performing periodic scans.
Research platform-specific disclosed vulnerabilities and analyze the impact to the enterprise.
Responsible for creating documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels.
Knowledge of open source packages such as Kali Linux or Metasploit

Position Requirements:
5+ years of Information Security experience.
3-5 years demonstrated operational implementation and use of Nexpose, Nessus, Qualys or similar scanning tools.
3-5 years demonstrated operational implementation and use of Application security assessment tools, e.g., Appspider, Trustwave, Fortify, Qualys or similar scanning tools.
Strong Communication Skills (will be providing feedback to customer)
Demonstrated understanding of patch management tools for Windows and UNIX environments.
A working knowledge of Web Application firewalls is necessary.
Demonstrated understanding of software development life-cycle and secure coding techniques.
Have a strong understanding of the Ethical Hacker processes and procedures.
Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies behavioral based a plus
Able to explain Application vulnerabilities to programmers and application owners.
Ideally would like to find a candidate that was once an Engineer or Developer that has gone into Security.
Education: B.A. or B.S. degree in Computer Science.

Nice to have:
Security+ Certification, CEH or other security certifications desired.
Basic programming experience is a plus.
Tool specific certification (Rapid7, Nessus, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.
Scripting knowledge is a plus (e.g. python, shell scripting, Java script
Knowledge of Windows and UNIX operating systems. Hands-on experience a plus.