Job summary:


Title:
Cybersecurity Vulnerability Consultant - Remote

Location:
Remote

Length and terms:
Long term - W2 or C2C or 1099


Position created on 07/28/2023 08:41 pm

Job description:


W2, 1099 or C2C. Webcam interview. Long-term project; the project usually goes for multiple years with this customer. Remote.

Description:

This position is housed under the Department of Health Care Finance in direct support of the DC Access System (DCAS). The resource shall design and develop security monitoring and reporting tools such as alerts, metrics and dashboards. The resource shall monitor and report on access to sensitive data and respond to data breaches accordingly.

The resource shall develop and maintain security applications and configuration management solutions. The resource shall create procedures to help teams make the most out of the available infrastructure. The resource shall review projects and coordinate changes with internal and external organizations. The resource shall perform other related duties as assigned.

Responsibilities:

  • Conduct comprehensive vulnerability assessments using industry standard tools, techniques, and methodologies
  • Utilize the Tenable Nessus tool to perform scans, analyze results, and identify potential vulnerabilities in operating systems (setup/configure/interpret/update/maintain)
  • Utilize the Qualys Web Application Scanning (WAS) tool to perform scans, analyze results, and identify potential vulnerabilities in web applications (setup/configure/interpret/update/maintain)
  • Utilize static code analysis tools such as SonarQube and Fortify to identify vulnerability issues with code and for proper software quality (setup/configure/interpret/update/maintain)
  • Perform manual penetration testing, vulnerability validation, and exploit analysis
  • Collaborate with cross functional teams to assess vulnerabilities, prioritize remediation efforts, and implement appropriate security controls
  • Stay up to date with the latest cybersecurity threats, vulnerabilities, and industry best practices
  • Perform detailed analysis and prepare summary reports for O&M teams for addressing critical vulnerabilities
  • Develop and maintain vulnerability assessment documentation, reports, and metrics for both internal clients and external partners (POAMs, audits, etc.)
  • Participate in the development of new, and in reviews and updates of existing security related documents for compliance (SSPs, SARs, CAPs, policies, etc.)
  • Participate in incident response activities, including vulnerability related incidents
  • Contribute to the design, build and test security technologies/architectures and systems related to DCAS on premises and cloud infrastructure
  • Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.
  • May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC

Qualifications:

  • Minimum of 5 years of experience working in cybersecurity or a similar role
  • Strong understanding of web application security, vulnerability assessment, and penetration testing methodologies for both on premises and cloud environments
  • Considerable experience in analyzing and interpreting vulnerability scanning results and providing actionable recommendations
  • Expertise and proficiency in using Tenable, Qualys and similar tools for vulnerability scanning (OS, web applications, etc.)
  • Familiarity with other vulnerability assessment tools such as Burp Suite, ZAP, OpenVAS, Metasploit, etc.
  • Ability to use static code analysis tools (SonarQube, Fortify, etc.) to discover, interpret and report coding and software issues
  • Solid knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and the ability to mitigate them effectively
  • Must have working knowledge and understanding of NIST cybersecurity framework, CIS benchmarks, FISMA, HIPAA, and similar standards and guidelines
  • Must have knowledge and skills to administer, support and maintain security tools such as Splunk Enterprise Security/SIEM for log analysis and event correlation, McAfee ePO for endpoint protection (malware and threat prevention), McAfee DAM for database activity monitoring, etc.
  • Must have the capability to analyze native system and application logs, and also to make use of log ingestion platforms for security analytics and identification of tactics, techniques and patterns of attackers
  • Must have an understanding of network security concepts, including firewalls, VPNs, IDS/IPS, MFA, and SIEM solutions
  • Must know about endpoint protection (malware, ransomware and similar threats)
  • Must have an understanding of database security requirements
  • Must have exposure to file integrity monitoring tools to detect changes to core systems
  • Must have solid knowledge of Linux OS, particularly Red Hat Enterprise Linux
  • Must possess an understanding of Microsoft Windows Server OS
  • Provide input on other security related architecture, issues, and features (i.e., Firewalls, Application Proxies, WAFs, Web servers, APIs, Network Security, etc.) 
  • Excellent problem solving and analytical skills
  • Relevant certifications such as CEH, OSCP, or GIAC are a plus

Demonstrate in interview(s) your abilities to perform the tasks and duties necessary as defined above in Responsibilities

Minimum Education/Certification Requirements:

  • Master's Degree in Engineering or Computer Science is HIGHLY PREFERRED

Required Skills:

  • Hands on knowledge of vulnerability assessments and mitigations (systems/applications/code). 11 Years
  • Professional experience implementing and monitoring security controls in accordance with FISMA (NIST 800 series), IRS 1075 and CIS guidelines. 5 Years
  • Ability to build and monitor security compliance services on production systems. 11 Years
  • Professional knowledge of operating systems (OS), physical servers and virtual machines. 11 Years
  • In Depth knowledge of Security Monitoring Tools (Database Security, Application Security, Firewalls, General Network Security) Examples: 5 Years
  • 16+ yrs. implementing, administering, and operating IS tech such as firewalls, IDS/IPS, SIEM, Antivirus, net traffic analyzers, and malware analysis 16 Years
  • 16+ yrs. utilizing advanced experience with scripting and tool automation such as Perl, PowerShell, Regex 16 Years
  • 16+ yrs. developing, leading, and executing information security incident response plans 16 Years
  • 16+ yrs. developing standard and complex IT solutions & services, driven by business requirements and industry standards 16 Years
  • BS Degree in IT, Cybersecurity, Engineering, or equivalent experience

Highly Desired Skills:

  • McAfee Database Security Suite (DAM), McAfee ePO, Tenable Security Center/Nessus, Trustwave App Scanner, Tripwire Enterprise, VMware vSphere/vCenter, 5 Years
  • F5 LTM/GTM, Juniper Junos, Palo Alto PANOS, HP Fortify, Metasploit and PRTG. 5 Years

Contact the recruiter working on this position:



The recruiter working on this position is Hima Teja (Shaji Team)
His/her contact number is +(1) (202) 6290353
His/her contact email is teja@msysinc.com

Our recruiters will be more than happy to help you to get this contract.