Security Engineer (Web Application)
Description
gTANGIBLE Corporation (gTC), www.gtangible.com, is a C corporation and a registered Government contractor that provides services and solutions in:
- National Security Programs
- Professional, Administrative, and Management Support
- Mission and Warfighter Support
We are a Service-Disabled Veteran-Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.
Requisition Type: Full Time
Position Status: Contingent
Position Title: Security Engineer (Web Application)
Location: Arlington, VA
Security Clearance: Secret
Duties and Responsibilities
The Security Engineer (Web Application) supports this Transportation Security Administration Information Technology (TSA IT) Task Order (TO) by web application testing that require testing both via automated tools and with manual testing techniques. Application testing will require authenticated and non-authenticated testing to ensure full evaluation of the cybersecurity controls for the applications. Off hours testing conducted on a as needed basis. Periodic travel required. Duties include the following:
- Identifies flaws in business logic, programmatic vulnerabilities and weaknesses, and ensures appropriate and consistent risk levels are assigned to such findings.
- Identifies policy gaps, deficiencies and recommends updates, additions, and modification to TSA security policy.
- Conducts security testing of web applications, web services, end points, (and other web-related assets) using both Information Assurance & Cybersecurity Division (IAD)-provided automated testing tools and manual testing techniques.
- Analyzes and validates test results and removes false positives and submits to stakeholders.
- Participates with stakeholders regarding findings meetings and responses.
- Provides Subject Matter Expertise on emerging web and mobile technologies, languages, and frameworks. In addition, also provide and support on external security audits conducted of the TSA.
Knowledge and Qualifications
- At least ten (10) years of technical IT security experience.
- At least five (5) years of experience performing web application security testing, software development and/or testing.
- At least three (3) years of experience performing web application security testing using manual techniques and vulnerability testing tools and/or code review tools for Federal IT systems.
- Ability to work independently/minimal oversight.
- Experience with manual web security testing techniques.
- Strong understanding of NIST SP 800-53 and DISA STIGS.
- Required Certifications: CISSP, CEH, GWAPT or other relevant certifications.
- Experience with WebInspect, AppScan, BurpSuite, SmartBear SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Eclipse, and Wireshark.
- Strong organizational, analytical, and technical writing skills to be able to document findings in reports.
gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.