Careers - MAD Security

MAD Security Careers

Come join a team of some of the brightest and most innovative security experts around!

For Employees:

MAD Security offers a very competitive compensation package that includes base salary, medical, 401k matching, bonuses (we like to reward you for your hard work), training on next generation security tools, and flexible time off.

For Trusted Partners (1099):

We are also looking for partners that we can work with that can augment our skills and add depth to our team. We frequently receive requests for work that is a little out of our lane or that we can’t take on due to full bookings, and in those cases we like to work with trusted partners to create win/win scenarios.


MAD Security Career Postings:

Vulnerability Assessment Test Engineer

Job Title: Vulnerability Assessment Test Engineer
Job ID: 27026642
Location: Washington DC, DC
Description:


MAD Security is seeking a motivated, career- and customer-oriented Subject Matter Expert / Vulnerability Assessment Tester to join our team in the Washington, D.C. area to provide unparalleled support to our customer. The selected individual will work on the FBI Vulnerability Assessment Team (SAT) and appropriately contribute to the daily workload of a highly skilled and diverse group of vulnerability assessment testers.

The candidate selected for this position will have experience performing vulnerability assessments of corporate and/or government networks and infrastructures. The Vulnerability Assessment Team, or VAT, is looking for the following qualities: high level of technical proficiency; energetic; results driven; works well under pressure; excellent oral and written communication skills; and manages time effectively.


Position Responsibilities:

  • Candidates will conduct quarterly automated scans and analysis of enterprise-class information systems, to include discovery scans, compliance scans, and vulnerability scans
  • Candidates will conduct Unit-directed vulnerability and/or compliance assessments
  • Candidates will support Unit accreditation efforts of systems and applications through the FBI’s SAA process
  • Candidates will also support the Risk Vision GRC Team in establishing an automated FISMA compliance capability, by using RISK Vision Connectors to capture vulnerability scan results for automated reporting
  • Candidates will coordinate and perform all scanning, analyze scan data, and prepare vulnerability reports for information systems
  • Candidates will also document test results in accordance with FBI regulations and VAT SOPs

Candidates must be able to perform vulnerability and compliance assessments on all devices identified during enterprise network scans, including operating systems, Oracle and MySQL databases, and Web applications. The candidate should be comfortable using enterprise-class network scanning tools (Tenable Nessus, Tenable Security Center), database scanning tools (AppDetective and DbProtect), and Web scanning tools (Web Inspect), and should be knowledgeable about the security best practices and most common vulnerabilities that exist for each of these technologies, including SANS and OWASP Top 10.

In addition to the job duties listed above, the candidate shall:

  • Be experienced in performing enterprise-level assessment scanning of networks, databases, and Web applications
  • Be comfortable configuring and performing host, port, and service discovery on large enterprise networks, and identifying target operating systems and applications/services based on discovery scan results
  • Have experience with open source and commercial testing tools. A non-comprehensive list includes Nessus, NMAP, App Detective, Hailstorm, Guardium, and Web Inspect.
  • Be comfortable using, configuring, troubleshooting, and administering Tenable Security Center, Tenable Nessus (standalone), AppDetective, and Web Inspect
  • Have a solid understanding of the security policies used by intelligence organizations, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 rev 4 and 800-53a).
  • Have the ability to think critically and creatively, and be capable of synthesizing and analyzing large amounts of scan data.
  • Be able to articulate thoughts and findings in a concise and comprehensive manner.

Security Requirements: US citizenship and an active TS clearance with eligibility for SCI access, including the ability to pass a counter-intelligence polygraph

Certification Requirements: Must have one of the following certifications: ISC2, CISSP, GIAC, GCIA, or GCIH

Education: Requires Bachelor’s degree or ten years of IT Experience

Years of Experience: Requires six years of IT Security experience
