Senior Web Application Security Tester

Acuity Inc Reston , VA 20190

Posted 3 months ago

Overview

Acuity, Inc. seeks a dynamic, self-motivated Senior Web Application Security Tester with experience testing mission critical systems serving national security missions.. You will be driven to excel in a dynamic project-oriented environment collaborating with a team of multi-disciplinary professionals. Your expertise will be critical to meeting our client's needs and expectations.

Responsibilities

  • Maintain and stay current with web application security testing tools and testing techniques to perform automated and manual security testing of web applications and web-services

  • Become, and remain, familiar security policies and Technical Standards relating to web applications and web application development to facilitate effective security assessments

  • Deliver recommendations for updates, additions, and modifications to security policy as gaps or deficiencies in security policy are identified

  • Provide recommendations to update existing, or create new, processes and procedures to improve security testing practices

  • Engage with testing engagement stakeholders to gather all required information needed to create detailed test plans

  • Conduct security testing of web applications and services (and other web-related assets) using HP WebInspect, IBM/HCL AppScan, Portswigger BurpSuite, SmartBear SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Eclipse, and Wireshark

  • Review application stakeholder responses to web application security findings identified during security testing engagements

  • Participate in findings meetings to review and provide input on the validity of application stakeholder responses to findings.

  • Provide support for external security audits; such support would include items such as: providing technical insight into data calls required by external Federal entities, offering technical information to facilitate external auditors work, or validating findings identified in external audit reports.

Qualifications

  • At least eight (8) years of technical IT security experience. Such experience can come from system or network administration, security analysis, security testing and evaluation, security incident response, security monitoring, IT project implementation, or other similar technical activities

  • At least five (5) years of experience performing security control assessments

  • Experience with NIST and FIPS security controls, DISA STIGs, and CIS standards.

  • Experience working in groups acting as the sole security practitioner, as well as experience working in team(s) of various sizes of security personnel reviewing the same system

  • At least three (3) years of experience performing web application security testing

  • At least one (1) year of experience performing security testing of Federal IT systems

  • Experience using HP WebInspect, IBM/HCL AppScan, Portswigger BurpSuite, SmartBear SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Eclipse, and Wireshark

  • Experience with contributing to the delivery of testing artifacts, including automated testing plans, performance test plans, test reports, UAT plans, and traceability matrices

  • Experience with analyzing and documenting software test results

Clearance Requirements:

  • Secret Clearance required

About Acuity, Inc

Acuity is a leading management and technology consulting firm that specializes in serving the federal government. Our innovative, collaborative and rewarding work environment has earned repeat honors from the Washington Business Journal's Best Places to Work and SmartCEO Corporate Culture awards.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Program Manager Security CTJ

Microsoft Corporation

Posted Yesterday

VIEW JOBS 11/24/2020 12:00:00 AM 2021-02-22T00:00 Azure is the fastest-growing business in Microsoft's history and is the foundation of Microsoft's Cloud Services. Continuing this success, Azure has a rapidly growing government business and is driving adoption of its hyper-scale cloud by delivering breakthrough innovation and security. With world-class security, protection, and compliance, government agencies can accelerate the migration of critical workloads with confidence and leverage a vast network of Microsoft's technology partners and diverse marketplace offerings to advance their missions and serve and protect their citizens. Required: * Experience applying information protection and operational security (OPSEC) frameworks and maturity models to enterprise programs and ability to work across diverse stakeholder teams in challenging and dynamic operational environments * 5+ years of experience in applying government standards (e.g., NISPOM, ICD 503, NIST 800-171) and regulatory compliance to programs and drive process, procedure, and technology change and success * The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination. * Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment. * Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter Preferred: * Demonstrated ability to perform analytical actions within a cross-functional team to support confidential insider threat analysis, audits, and investigations * Experience with User Activity Management, and auditing tools including solution design, implementation, and operational execution * BS or Master's Degree in computer science, a related field, or equivalent experience Candidates must be willing to travel 10-25% Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form. Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work. As a Senior Program Manager within the Sovereign Integrity team, position responsibilities include: * Develop and refine enterprise-wide security program objectives, policies, procedures, and coordination methods to enable the protection of information, content and communications within secure work environments * Conduct threat assessments to identify potential risk factors posed by external threat actors, and cleared vendors and employees * Provide innovative methods, best practices and solutions to segment information access based on need-to-know using role-based and attribute based access control * Develop success criteria and processes to gauge and measure program compliance and effectiveness and communicate risk analysis, trends, and weaknesses to key stakeholders * Correlate operational information from audit collection and data analytics and compile results to support KPI reporting and risk analysis Microsoft Corporation Reston VA

Senior Web Application Security Tester

Acuity Inc