Security Operations & Web Application Scanning Specialist (Security Clearance Required)
Beltsville, MD
Full Time | Mid-level / Intermediate | Clearance required | USD 97K - 112K
Ryan Consulting Group, Inc.
Based in Indianapolis, RYAN Consulting Group is the fastest-growing IT service in the country, offering technology and business intelligence
Shift: Standard
Pay Range: $97,000 - $112,000
Responsibilities:
- Identify gaps or vulnerabilities in devices and applications, which includes managing and modifying application security scan profiles as per the baseline standards on a weekly basis, with reporting.
- Perform monthly security analysis and reporting of the different layers of the systems (application database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, operating systems and database vulnerability scanners.
- Perform network vulnerability assessments and application security testing on both native and web-based mobile applications on different mobile platforms as well as networked devices. This should be completed monthly or as needed.
- Review the systems security architecture and create security test plans based on existing and planned controls and recommendations. Complete monthly or as needed with reports provided to supervisor.
- Review scanner reports and work with the application development community to remediate issues following a risk-based approach. This should be done daily with weekly reports to the supervisor.
- Work with application development and patch management teams daily to resolve vulnerabilities, including recommending and monitoring remediation activities. Provide reports weekly to the supervisor and as needed.
- Continuously monitor the published vulnerabilities for various applications and operating systems. This should be done daily. Based on the publicly disclosed vulnerabilities, determine the patching priority and notify the stakeholders immediately, with a report provided to the supervisor and ACISO. Review the applied patch by scanning for the disclosed vulnerabilities.
- Engineer solutions: perform dynamic and static security testing as part of the Software Development Life Cycle (SDLC) monthly and/or as needed.
- Perform perimeter threat analysis by researching and reporting threat trends, and use the analysis for continuous security posture improvement. Completed weekly, with reporting given to the supervisor weekly.
- Monthly assessment and reporting, to include threat modelling, documenting potential risk vectors, recommending applicable and proportional controls, and ensuring that any identified risk is addressed.
- 5+ Years of experience in systems vulnerability management and software patching
- Excellent analytical skills
- Understanding of TCP/IP and network communications
- General knowledge of web and network content scripting languages.
- Packet-level behavioral familiarity with most major TCP/IP application protocols
- Experience operating patch management, web application scanning management and perimeter security tools such as Nessus, Tenable SecurityCenter, Tanium, Burp Suite, Nmap, Checkmarx, Splunk and other open-source tools as needed and approved.
- Experience in reviewing security architectures, including cloud, and carrying out application security risk assessments independently.
- Well versed in multiple security technologies such as SIEM, intrusion detection systems, endpoint security, web proxy/content filtering, Active Directory, PKI, RADIUS, RSA SecurID and log analysis
- Experience with web, mobile, and network application security
- Strong understanding of OWASP top 10 and similar application security methodologies
- Strong understanding of cryptography and SSL certificate lifecycle management
- Experience with security tools including static code analysis and vulnerability scanning
- Platform experience, e.g. Linux, Red Hat, CentOS or similar
- Experience with agile software development practices and methodologies
- Comprehensive Web Application Firewall, F5 ASM & iRule experience.
- Any security configuration and/or automation experience is highly desirable
Certification Requirements
- Active Secret Security Clearance
- Security+ OR one of the following:
- CEH
- CASP
- SSCP
- CISA
- CISM
- GCIH
- GSEC
- CISSP
Equal Employment Opportunity (EEO) Statement
Ryan Consulting Group, Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.
Ryan Consulting Group, Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process, please contact humanresources@consultrcg.com.
Drug-Free Workplace Statement
Ryan Consulting Group, Inc. is committed to maintaining a drug-free workplace, in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.
Pay Transparency Statement
Ryan Consulting Group, Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.
We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.
Tags: Active Directory Agile Application security ASM Automation Burp Suite CASP+ CEH Checkmarx CISA CISM CISSP Clearance Clearance Required Cloud Code analysis Compliance Cryptography Firewalls GCIH GSEC Intrusion detection Linux Log analysis Monitoring Nessus Nmap OWASP PKI Risk assessment RSA Scripting SDLC Security analysis Security Clearance SIEM Splunk SSCP TCP/IP Vulnerabilities Vulnerability management
Perks/benefits: Health care