Duration: 3 years
Duties / Responsibilities:
- Conduct Static and Dynamic Application code and security vulnerability testing.
- Conduct Penetration testing on Enterprise applications and recommend remediation using available tools and technologies.
- Educate and support application developers and administrators in fixing security vulnerability issues in all tiers of applications including network, database and web/application servers.
- Perform incident response and forensics evaluation using security information and event management (SIEM) tools.
- Work with Systems and Network Administrators to evaluate and enforce security controls and hardening rules as determined by industry standards for state and federal security compliance requirements.
- Integrate applications with SIEM tools and log aggregation / analysis tools such as Splunk.
- Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle.
- Conduct daily/weekly security audit log reviews and report any suspicious activities.
- Conduct security impact analysis of controls on proposed system changes.
- Conduct ongoing security reviews and tests of the MHBE systems to periodically verify that security and operating controls are functional and effective.
- Review and update systems security documentation and artifacts such as SSP, ISRA, PIA, SSR, CAP and POA&Ms.
- Create and track POA&M requirements for resolving security findings.
- Adhere to all security, change control and MHBE Project Management Office (PMO) policies, processes and methodologies.
Minimum Qualifications:
- A minimum of eight (8) years of experience in analysis and definition of system security requirements.
- A minimum of five (5) years of experience in performing static analysis of applications using different tools and technologies such as Fortify, AppScan, Veracode, SonarQube.
- A minimum of five (5) years of experience in performing dynamic / customized security analysis of web applications using various tools and technologies to perform penetration testing and identify vulnerabilities/security issues and suggesting remedial measures.
- A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
- A minimum of two (2) years of experience working with Web Application Firewall (WAF), Content Delivery Network (CDN) tools such as Akamai, Incapsula, AWS WAF, Cloudflare.
- Active CISM, CISSP, CISA, or other security certifications.
- Experience in performing Security Incident Response and Forensics evaluation with SIEM Tools.
Thanks,
Samiksha
Edify Technologies, Inc.
(630) 812-0152 (Direct)
samiksha@edifytech.com
www.edifytech.com