Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer

Job Description

Job Description

Dexian Government Solutions is recruiting for a Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer to support our proposal at the the DHS CIETS in DC Metro area.

Position Overview:

Serves as DHS I&A's senior offensive security and technical assessment specialist. This position is responsible for identifying vulnerabilities, assessing system security posture, validating security control effectiveness, conducting penetration testing activities, evaluating software assurance risks, and providing actionable remediation recommendations across classified and unclassified environments.

Job Duties:

The Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer provides expert support for:

• Penetration testing
• Vulnerability assessments
• Security testing and evaluation
• Software assurance analysis
• Security control validation
• Technical risk identification
• Security architecture assessment
• Remediation planning
• Continuous monitoring support
• The position functions as the Government's senior technical assessor responsible for independently identifying weaknesses before adversaries do.

Core Responsibilities

Penetration Testing, the engineer shall:

• Conduct penetration testing of DHS I&A systems and environments.
• Evaluate system resistance to cyber-attacks.
• Assess network, application, operating system, and infrastructure security.
• Perform adversarial testing activities to identify exploitable weaknesses.
• Validate effectiveness of implemented security controls.
• Document findings and recommend corrective actions.

Vulnerability Assessment, the engineer shall:

• Conduct comprehensive vulnerability assessments.
• Analyze vulnerability scan results.
• Identify security weaknesses and misconfigurations.
• Assess severity and operational impact of vulnerabilities.
• Validate remediation effectiveness.
• Provide technical recommendations to reduce risk.

Software Assurance Analysis, the engineer shall:

• Evaluate software security posture.
• Assess application security controls.
• Review software development and deployment risks.
• Identify coding and implementation weaknesses.
• Support secure software development practices.
• Analyze software assurance findings and recommend mitigation strategies.

Security Testing and Validation, the engineer shall:

• Perform security testing supporting RMF activities.
• Validate implementation of technical security controls.
• Support Security Control Assessments (SCAs).
• Evaluate effectiveness of security safeguards.
• Verify compliance with security requirements.
• Assist authorization teams in assessing residual risk.

Security Engineering Assessments, the engineer shall:

• Conduct technical security reviews of systems and architectures.
• Evaluate proposed technologies and security implementations.
• Identify engineering weaknesses affecting system security.
• Support architecture and design reviews.
• Recommend technical improvements.

Continuous Monitoring Support, the engineer shall:

• Support ongoing vulnerability management activities.
• Assess emerging risks and threat exposure.
• Review remediation progress.
• Monitor recurring findings and risk trends.
• Support continuous authorization activities.

Risk Analysis and Remediation, the engineer shall:

• Analyze risks associated with identified vulnerabilities.
• Recommend risk mitigation strategies.
• Evaluate compensating controls.
• Prioritize remediation activities.
• Brief Government leadership on technical findings and risk implications.

Stakeholder Coordination, the engineer shall:

• Coordinate with ISSOs and ISSMs regarding findings.
• Support Security Control Assessors during assessments.
• Work with system administrators and engineers to resolve vulnerabilities.
• Provide technical recommendations to system owners.
• Support Government cybersecurity leadership during audits and inspections.

Stakeholder Interaction, the Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer routinely interfaces with:

• ISSOs
• ISSMs
• Security Control Assessors
• Security Risk Management Engineers
• Cybersecurity Engineers
• System Administrators
• Application Development Teams
• Enterprise Architects
• System Owners
• Authorizing Officials

Required Qualifications:

The Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer must have at least 2 years of recent experience in each of the following technical areas: software assurance, penetration testing with a range of automated tools, vulnerability assessment, security patch management, secure cloud and hybrid engineering, and CDS, for a total of at least 10 years.

Certification Requirements: The Senior Penetration Testing, Software Assurance and Vulnerability Assessment Engineer must possess certifications as a Certified Ethical Hacker (CEH) and CISSP, or comparable demonstrable experience.

Clearance Requirements: TS/SCI with CI Polygraph

Dexian Government Solutions is an award-winning, ISO 9001:2015 certified, business and GSA contract holder providing diversified Information Technology services to both Civilian and Defense agencies. Services include Software Development, Systems Integration, Data Management, Project Management, Operations & Maintenance, Cybersecurity, and Training and Audio/Visual (AV) Solutions. Dexian Government Solutions has received several recognitions, including rankings on "Top 50 Companies to Watch", Washington Technology's Annual "FAST 50", and Inc. 500's List of "Fastest Growing Private Companies". The Dexian Government Solutions team is comprised of individuals who are dedicated to the success and sustainability of our customers and their missions. Our combination of technical expertise, big business experience, and small business agility allows us to promptly provide our customers with exceptional IT and engineering solutions.

Benefits

Our robust benefits package includes Open Paid Time Off, 11 Federal Paid Holidays & 5 Paid Sick Days, Company-paid Life/AD&D, Company-paid Short Term and Long-Term Disability, Health Insurance with Company Contribution, 401k Plan with Company Match, Employee Recognition Program, opportunity for Employee Referral Bonus, opportunity for annual Performance Bonus and much more!

EEO Statement

Dexian Government Solutions is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided based on qualifications, merit, and business need.

All applicants will be considered for employment without attention to race, religion, color, national origin, ancestry, physical or mental disability, medical condition, pregnancy (including childbirth, lactation and related medical conditions), marital status, genetic information (including characteristics and testing), gender, sexual orientation, gender identity or expression, military and veteran status, or any other status protected under federal, state, or local law in the locations where we operate.

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Human Resources. The Company invites any applicant and/or employee to review the Company's written Affirmative Action Plan. This plan is available for inspection upon request.

- content/uploads/2017/09/poster_screen_reader_optimized.pdf

#DICE

#LI-LM1

This role requires an active Top Secret Security Clearance, customer approval, and successful completion of a pre-employment background screening.