Apps and Server Vulnerability Engineer

Job Title

Apps and Server Vulnerability Engineer

Location

Hybrid in Washington, DC (Local to DC / MD / VA only)

Employment Type

Long Term contract ( C2C / W2 )

Key Responsibilities

• Conduct vulnerability assessments of web applications, mobile applications, and servers using both manual and automated tools.
• Perform penetration testing to identify potential weaknesses and vulnerabilities.
• Analyze security vulnerabilities and develop remediation plans.
• Work with development teams to ensure the implementation of security best practices.
• Stay current with emerging security threats, vulnerabilities, and industry trends.
• Produce reports outlining findings and recommended remediation steps.
• Communicate security risks and solutions to both technical and non-technical stakeholders.
• Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.
• Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.
• Develops, leads, and executes information security incident response plans.
• Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
• May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.

Requirements

• Bachelor's degree in computer science, Information Security, or related field.
• At least 3 years of experience in application and server vulnerability assessment.
• Experience with vulnerability scanning tools such as Nessus, Qualys, or OpenVAS.
• Experience with web application security testing tools such as Metasploit, Burp Suite, or Kali Linux.
• Knowledge of OWASP Top 10 and CWE/SANS Top 25.
• Experience with programming languages such as Python, Ruby, or Perl.
• Strong understanding of security vulnerabilities and remediation techniques.
• Excellent written and verbal communication skills.
• Ability to work independently or in a team environment.
• Willingness to work on-site 3 days a week.

Minimum Education/Certification Requirements

• BS Degree in IT, Cybersecurity, or Engineering, or equivalent experience.