Security Auditor/ Penetration Testing

Washington, DC, US

MBL Technologies Inc.

MBL Technologies, Inc. offers a diverse set of technology services to the federal, civilian and commercial markets.


Description

MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. Our solutions are tailored to support each client’s mission, accounting for their unique needs and operating environments to ensure success. We bring the right people, capabilities, and expertise together to assist our clients with enabling their mission. Together our individual differences drive successful business results.


If you are transitioning from military to civilian life, have prior service, are a retired veteran, or a member of the National Guard or Reserves, or spouse of an active military service member, we encourage you to apply. Please visit our webpage for information on our policies and benefits for the military and veteran community.


Why Work With Us?

  • We trust, empower, and believe in our employees to soar to their fullest potential!
  • We offer a robust benefits package (medical, dental, vision, STD, Accident, Life, Hospital Insurance, FSA, HSA, 401K match, professional development stipend, etc.).
  • We love to have fun and give back to the community. Community Service and Employee Engagement events are atop our calendar events!
  • We genuinely like each other and champion everyone to achieve their own greatness!


MBL Technologies is seeking a Security Auditor/ Penetration Testing to join our team. The individual will be instrumental in supporting and enhancing our organizational initiatives by supporting our team. This role requires a blend of analytical skills, leadership capabilities, and effective communication to address customer requirements and drive successful project outcomes. Directly manages information technology projects to provide a unique service or product.


The SME Security Engineer will support and provide expertise to a successful cybersecurity and Privacy program for a government customer. The SME Security Engineer will be responsible for designing, implementing, and maintaining secure systems and networks in a DevSecOps environment. You will work closely with cross-functional teams, including IT, network engineering, and cybersecurity, to ensure that systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access and other security risks. You will be responsible for identifying vulnerabilities and potential threats, conducting risk assessments, and developing and implementing security solutions to mitigate risks. You will also be involved in incident response, security monitoring, and security policy development.


Duties / Responsibilities:

  • Advise on the security architecture of new technology projects.
  • Evaluate and provide recommendations on third party applications and services.
  • Design and perform anomaly code analysis of systems and applications.
  • Ability to discover new and interesting security problems as well as fix them.
  • Build, deploy, and maintain automation and security tools.
  • Work closely with our application development and infrastructure architectural teams to create code secure by design in compliance with Zero Trust standards.
  • Perform penetration tests on applications to decrease potential introduction of vulnerabilities within our code.
  • Aid in the vulnerability management process by providing data from specialized tools.
  • Support, configure, enrich, and maintain enterprise logging solution.
  • Document and generate management reports and dashboards in the enterprise Security Information and Event Management (SIEM) Tool.
  • Deploy in-house or COTS security applications to support our efforts.
  • Participate in a cross-functional response to cyber security incidents.
  • Perform Static Code Analysis.
  • Perform DAST Analysis.
  • Configuration of platform-specific DAST scan libraries to better aid in the evaluation of applications.
  • Support the planning, designing, and architecting of a multi-technology cyber solution.
  • Aid in security engineering tasks as related to the ATO process of systems.
  • Develop and maintain security policies as related to development best practices.
  • Investigate to determine root causes of security issues to perform troubleshooting and problem resolution to restore services.
  • Develop, present, and implement sound recommendations for remediation.
  • Provide guidance and support security activities in relation to application vulnerability analysis.
  • Support and maintain enterprise vulnerability management tool.
  • Create and update system design documentation.
  • Remote management and troubleshooting of cybersecurity tool related servers.
  • Provide research and analysis in support of expanding programs and area of responsibility.
  • Assess information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
  • Perform analysis of security features for system architectures.
  • Provide agency with knowledge and guidance in following NIST, FISMA, Agency Information Security and Privacy, and Cloud Guidelines.



Requirements


  • CISM, CISSP, GSLC, CEH, LPT, CPT. Similar level certifications considered on a case-by-case basis.
  • U.S. Citizenship
  • Must possess or be able to obtain a federal background investigation of Tier 4 Critical Non-Sensitive (Form SF 85P)
  • Bachelor’s degree in business, information technology, or related field of study or 10 years of experience in computer security may substitute for degree.
  • Minimum seven years of experience in cybersecurity.
  • AWS Solutions Architect - Professional (network certified), AWS Certified Security - Specialty, Splunk Enterprise Certified Architect
  • Experience with WebInspect, Burp Suite, Splunk Expert (+), Tenable
  • Expertise with SonarQube (source code analysis, static source code analysis)
  • Splunk Power User
  • Strong in vulnerability analysis. Using Splunk on top of that.
  • Experience demonstrating strong analytical, troubleshooting, and problem-solving skills for cybersecurity.
  • Excellent oral, written, and verbal communication skills.
  • Knowledge of NIST, Zero Trust Architecture and risk management frameworks
  • Knowledge of Cybersecurity/privacy principles and cyber threats and vulnerabilities.
  • Knowledge of Networking Protocols (TCP/IP, SNMP, DNS, DHCP, iSCSI) - penetration tester.
  • Experience implementing, running, and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing)
  • Knowledgeable regarding browser security controls (CSP, XFO, HSTS), web application security topics such as OWASP (pen tester) Top 10, and authentication infrastructure (SAML, OAuth)

Desired Qualifications and Skills:

  • Zero Trust
  • AWS Certified Architect
  • Pen Testing experience
  • Cyber program analysis
  • Cyber development, engineering, and architecture
  • Splunk Engineer
  • Crafting and authoring cyber policy
  • Cyber Risk Management
  • DevSecOps Engineers
  • Linux Engineer
  • Kubernetes
  • Ansible
  • Technical Security Control and configuration of proprietary applications.

MILITARY OCCUPATIONAL SPECIALTY CODES (MOS codes): 170A, 170D, 17A, 17B, 17C, 17D, 24B, 25B, 47D, 94F, IT, 17 5309, 6203, 9735, 9740, 9890, 9891

CORPORATE CITIZEN: MBL Technologies’ vision is to make a positive difference – for our people, our customers, and our communities. As such, a commitment to service and excellence has been woven into the very fabric of our culture. MBL employees demonstrate a willingness to consistently go above and beyond and strive for excellence in all we do – championing, protecting, and celebrating the core business through the mission, vision, and values. All are expected to be good corporate citizens, supporting one another and internal corporate initiatives to build a stable business platform and ensure lasting company success.

Benefits: MBL Technologies offers a competitive salary adjusted for candidate qualifications partnered with an industry-leading benefits package. This package includes incentive plans with corporate and individual-based performance bonuses, 401K, PTO, remote work, health and wellness programs, employee discounts, and learning and development reimbursement.

EEO STATEMENT: MBL Technologies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.






Tags: Ansible Application security Automation AWS Burp Suite CEH CISM CISSP Cloud Code analysis Compliance CSRF DAST DevSecOps DNS FISMA GSLC Incident response Kubernetes Linux Monitoring NIST OWASP Pentesting Privacy Risk assessment Risk management SAML SAST SIEM SOAR Splunk SQL injection TCP/IP Vulnerabilities Vulnerability management XSS Zero Trust

Perks/benefits: 401(k) matching Career development Competitive pay Health care Insurance Team events Wellness

Region: North America
Country: United States
