Web Application Security Testing Team Lead
gTANGIBLE Corporation (gTC), www.gtangible.com, is a C corporation and a registered Government contractor that provides services and solutions in:
- National Security Programs
- Professional, Administrative, and Management Support
- Mission and Warfighter Support
We are a Service Disabled Veteran Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.
Requisition Type: Full Time
Position Status: Contingent
Position Title: Web Application Security Testing Team Lead
Location: National Capital Region
Security Clearance: Secret
Duties and Responsibilities
The Web Application Security Testing Team Lead supports this Transportation Security Administration Information Technology (TSA IT) Task Order (TO) by web application testing that require testing both via automated tools and with manual testing techniques. Application testing will require authenticated and non-authenticated testing to ensure full evaluation of the cybersecurity controls for the applications. Off hours testing conducted on a as needed basis. Periodic travel required.
Team duties include the following:
- Become, and remain, familiar with TSA and DHS security policies and Technical Standards relating to web applications and web application development to facilitate effective security assessments. Make recommendations for updates, additions, and modifications to TSA security policy as gaps or deficiencies in security policy are identified.
- Engage with testing engagement stakeholders to gather all required information needed to create detailed test plans.
- Conduct security testing of web applications and services (and other web-related assets) using both Information Assurance and Cybersecurity Division (IAD)-provided automated testing tools and manual testing techniques.
- Troubleshoot any technical issues preventing successful completion of testing engagements within the scheduled time allotted for the engagement (i.e. insufficient credentials, proxy blocking, accounts blocked/expired, etc.).
- Participate in findings meetings to review and provide input on the validity of application stakeholder responses to IAD findings.
- Recommend adjustments of finding validity (valid or false positive) and severity (high, medium, low) to Governance, Risk, and Compliance (GRC) Portfolio Managers and Primary Assessors based on stakeholder responses.
- Review application stakeholder mitigation or remediation actions to address valid findings to assist IAD with determining the applicability and effectiveness of those actions.
- Provide Subject Matter Expertise for a variety of topics concerning web applications in a variety of formats (verbal or written). Includes common and emerging web and mobile technologies, languages, and frameworks to discuss the benefits and security detriments of those technologies.
- Provide support for external security audits conducted of the TSA. Such support would include items such as: providing technical insight into data calls required by external Federal entities, offering technical information to facilitate external auditors work, or validating findings identified in external audit reports.
Knowledge and Qualifications
- At least eight (8) years of technical IT security experience. Such experience can come from system or network administration, security analysis, security testing and evaluation, security incident response, security monitoring, IT project implementation, or other similar technical activities.
- At least five (5) years of experience performing security control assessments (i.e. security testing such as security auditing, primary assessor for Security Control Assessments, etc.).
- At least three (3) years of experience performing web application security testing.
- At least one (1) year of experience performing security testing of Federal IT systems.
- Experience with NIST and FIPS security controls, DISA STIGs, and CIS standards.
- Experience working in groups acting as the sole security practitioner, as well as experience working in team(s) of various sizes of security personnel reviewing the same system.
- Experience with HP WebInspect, IBM/HCL AppScan, Portswigger BurpSuite, SmartBear SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Eclipse, and Wireshark.
- Excellent communication skills to be able to understand concepts being verbally presented, participate in group discussions, and to present recommendations.
- Strong organizational, analytical, and technical writing skills to be able to document findings in reports.
gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.