Application and System Security Engineer
Washington, DC, DC, USA
Applications have closed
Evolver
Evolver develops IT transformation & cybersecurity solutions - Scalable tech solutions for government agencies and modern enterprises.Evolver Federal is seeking an Application and Systems Security Engineer for a multifaceted role that combines the strengths and responsibilities of an Application Security Engineer, a Systems Security Engineer, and an overall Penetration Tester and security vulnerability expert.
As an Application and Systems Security Engineer, this role will work with the GovInfo Program teams and Agency IT and Agency IT Security staff to continuously identify and mitigate security issues, as well as coordinate across teams to provide suitable evidence and documentation for security related activities. In the event of a cyberattack or other form of IT security related vulnerability identification, the Application and Systems Security Engineer will lead efforts to identify issues/breaches and bring the vulnerability to resolution.
Responsibilities
- Work as a member of the Infrastructure Team or other cross-functional teams as needed to support the GovInfo Program, and as necessary, provide off-hours support to ensure continued security availability and mitigation of high priority / identified vulnerabilities within the system.
- Manage GovInfo system security, including serving as responsible official for virus/malware incidents and coordination of responses with IT&S to correct any security events or intrusions.
- Perform internal and external vulnerability tests and threat assessments as directed by PST management, including non-destructive penetration testing, through the use of industry standard tools including but not limited to Kali Linux.
- Ensure public and internal applications, APIs, and services are designed, developed, implemented, and monitored in accordance with applicable security controls related to NIST 800-53, ISO 27001, and GPO IT Security policies.
- Design and automate penetration testing across environments to identify and resolve vulnerabilities.
- Support security related requirements for auditing, logging, and review of regular security-focused reports and logs.
Basic Requirements:
- 5 years' experience as an Information Systems Security Engineering Professional (CISSP- ISSEP)
- 2 years of application security experience with Technologies utilized in GovInfo (Documentum, Solr, Spring, Drupal, Apache, Apache, and VMware)
- 2 years of experience with a security toolset (nikto, Wireshark, Matesploit. Burp Suite, Kali Linux, CIS-CAT)
- 2 years of experience in Penetration Testing, Vulnerability Prevention, DDOS Mitigation
Preferred Requirements:
- Working knowledge of network protocols, enterprise network hardware, Load Balancers
- Experience with test driven development, traditional waterfall and agile software development lifecycle methodologies including Scrum and Kanban
- Experience and training in maintaining ISO 27001 certification
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security Audits Burp Suite CISSP DDoS ISO 27001 ISSE Kali Kanban Linux Malware NIST NIST 800-53 Pentesting Scrum SDLC VMware Vulnerabilities
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Information System Security Officer jobs
- Open Security Consultant jobs
- Open Information Systems Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Security Architect jobs
- Open CISA-related jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open PowerShell-related jobs
- Open SQL-related jobs