MAD Security is seeking a motivated, career and customer oriented Cybersecurity Test Engineer to join our team in the Washington, D.C. area to provide unparalleled support to our customer. The selected individual will work on the FBI Security Assessment Team (SAT) and appropriately contribute to the daily workload of a highly-skilled and diverse group of security assessment testers.

Candidate will conduct automated and manual tests of information systems, to include vulnerability scans, source code review and Web application testing. The candidate should be comfortable researching and understanding a wide variety of information systems and emerging technologies. The candidate will develop test plans, perform tests and prepare after-action reports for information systems. Candidate will also document tests in accordance with FBI regulations and SAT SOPs. 
 

SAT security projects range in complexity and duration. Projects generally last between two weeks to six weeks and are broken down into three phases: preparation, testing and reporting. The level of effort and number of security assessors varies depending on the criticality of the system, technology, and schedule.

Skills Description:
 

In addition to completing the tasks listed above, the candidate shall:

• Have a broad knowledge of security methodologies, solutions and best practices.
• Have experience with multiple open source and commercial testing tools. A non-comprehensive list includes Nessus, App Detective, Metasploit, Burp Suite, and nmap.
• Advanced understanding of the strengths and weaknesses of security tools. Ability to select the right tool for the job. Ability to configure and troubleshoot tools if necessary.
• Be comfortable using, configuring, troubleshooting, and administrate both Unix/Linux and Microsoft operating systems. Candidate should also have extensive systems engineering experience with at least one of these OSs. 
• Candidate should have a solid understand of the security policies of Department of Justice and FBI, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 rev 4 and 800-53a).
• Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of data related to complex systems. Ability to articulate thoughts and findings in a concise and comprehensive manner.

Other Requirements and Skills:

The ideal candidate must have an expert understanding of at least one of the following technologies and their security vulnerabilities:

• Web applications and technologies. Advanced understanding of application programming languages, application servers, Web services, and Web browsers. Candidate should also understand the vulnerabilities related to these technologies, as well as security best practices when using them. Candidate should also be able to use automated assessment tools and manual testing techniques to assess these applications. Familiarity with OWASP testing methodology is also required. 
• Networking technologies. Advanced proficiency with various networking skills and technologies, including (but not limited to) Cisco hardware and IOS, firewalls, IDS and IPSs, packet analysis, and high level network architecture fundamentals. 
• Enterprise solutions, storage and databases. Advanced understanding of relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
• Cross domain solutions and trusted operating systems. Advanced experience with a range of Cross Domain Solutions, or CDSs, and advanced understanding of the unique security requirements of CDSs and trusted OSs such as trusted Solaris v8, Solaris v10 with trusted extensions and Security Enhanced Linux.
• Virtualization technologies. Advanced experience with VMware products, Microsoft virtualization technologies and/or similar technologies.
• Mainframes. Advanced hardware, OSs, networking, and security best practices.

Security Requirements: US Citizenship and active TS clearance and eligible for an SCI Access, including ability to pass a counter-intelligence polygraph

Certification Requirements: Must have two of the following certifications; CISSP, ISACA, OSCP, CISA, GPEN or GWAPT, C|EH

Education: Requires Bachelor’s degree or ten years of IT experience

Years of Experience: Requires six years of IT Security Experience