Acuity, Inc. seeks a dynamic, self-motivated Senior Web Application Security Tester with experience testing mission critical systems serving national security missions.. You will be driven to excel in a dynamic project-oriented environment collaborating with a team of multi-disciplinary professionals. Your expertise will be critical to meeting our client's needs and expectations.
Maintain and stay current with web application security testing tools and testing techniques to perform automated and manual security testing of web applications and web-services
Become, and remain, familiar security policies and Technical Standards relating to web applications and web application development to facilitate effective security assessments
Deliver recommendations for updates, additions, and modifications to security policy as gaps or deficiencies in security policy are identified
Provide recommendations to update existing, or create new, processes and procedures to improve security testing practices
Engage with testing engagement stakeholders to gather all required information needed to create detailed test plans
Conduct security testing of web applications and services (and other web-related assets) using HP WebInspect, IBM/HCL AppScan, Portswigger BurpSuite, SmartBear SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Eclipse, and Wireshark
Review application stakeholder responses to web application security findings identified during security testing engagements
Participate in findings meetings to review and provide input on the validity of application stakeholder responses to findings.
Provide support for external security audits; such support would include items such as: providing technical insight into data calls required by external Federal entities, offering technical information to facilitate external auditors work, or validating findings identified in external audit reports.
At least eight (8) years of technical IT security experience. Such experience can come from system or network administration, security analysis, security testing and evaluation, security incident response, security monitoring, IT project implementation, or other similar technical activities
At least five (5) years of experience performing security control assessments
Experience with NIST and FIPS security controls, DISA STIGs, and CIS standards.
Experience working in groups acting as the sole security practitioner, as well as experience working in team(s) of various sizes of security personnel reviewing the same system
At least three (3) years of experience performing web application security testing
At least one (1) year of experience performing security testing of Federal IT systems
Experience using HP WebInspect, IBM/HCL AppScan, Portswigger BurpSuite, SmartBear SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Eclipse, and Wireshark
Experience with contributing to the delivery of testing artifacts, including automated testing plans, performance test plans, test reports, UAT plans, and traceability matrices
Experience with analyzing and documenting software test results
About Acuity, Inc
Acuity is a leading management and technology consulting firm that specializes in serving the federal government. Our innovative, collaborative and rewarding work environment has earned repeat honors from the Washington Business Journal's Best Places to Work and SmartCEO Corporate Culture awards.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.