Engineering lead will participate in Security Certification & Accreditation Assessments, Security Assessments and Penetration Testing on Agency Systems.

Responsibilities to include; System documentation review, validation of process and procedures, Vulnerability Assessments and Penetration Testing. They will also be required to write test penetration plans as well as document the results for the technical and non technical audience.

Additional Responsibilities will include; analyze and evaluation of proposed security architectures for new IT Systems and networks. Work with C&A Authorities to define appropriate system and network security requirements.

Basic Qualifications

Must hold a current Top Secret Security Clearance with a current background investigation.

A Bachelors Degree and Minimum of 4 years experience developing Enterprise level web applications and public/private websites for commercial and or Government clients.

Non Degreed applicants must have a minimum of 8 years working experience and education to qualify

CISSP or GIAC certs strongly desired
MCSE,CNE or CCDP a plus

Also desired is Familiarity with NIST 800-53 and DCID/63 certification Methodology, terminology, formats and differences.

Strong Pluses;
Experience conducting security Assessments and penetration testing on web applications using mixture of open source and commercial tools including, Webinspect,Run-Live, OS's( Black Track), Web scarab, Paros, Wire shark, Nikto, Metasploit,ETC. Experience with traditional Vulnerability assessment and penetration testing tools:NMAP,NESSUS,ISS,STAT from harris, Retina, from eEye, SRR from DISA, Snort etc.


Expertise in Java/J2EE
SA Level experience in one or more flavors of Unix; Solaris,Linux,TSOL

SA Level Experience with web servers and application server technologies

Experience with: JSP,ASP,.NET,AJAX,FLASH,XML,SOAP,PHP,JAVASCRIPT,UNIX Shell Scripting, PERL, SQL, HTTP, TCP/IP.

Strong Working Knowledge of network and data communications and relational database technologies