Dovel Technologies

  • Information Security Engineer

    Job Locations: US-MD-Rockville
    ID: 2018-2774
    # of Openings: 1
    Category: Information Technology
    Type: Regular Full-Time
  • Overview

    Dovel Technologies, LLC provides leading-edge software and application development services specializing in mission-driven solutions that address complex business processes and technology challenges. We practice CMMI ML3 processes and delivery solutions and are an innovative, mission-oriented technology company focused on complex business and technical challenges, ensuring solutions support the achievement of your mission. Our team creates software solutions that help customers communicate, access, and store mission-critical information. Dovel is instrumental in the design and implementation of some of the most mission-critical and innovative systems in government today.

    Responsibilities

    Do you enjoy managing the security of computer networks, which includes auditing the network for vulnerabilities, developing solutions for security issues, and investigating security breaches?

    Have you enforced information security and control policies, procedures, and standards while performing risk assessments of systems, applications, and networks to identify weaknesses and ensure the effectiveness of internal controls to reduce risk to information systems?

    Are you able to correlate data and reports from various sources, make logical inferences about the data, and publish results for your team?

    If you said yes to any of these questions, we have a great career opportunity for you!

    Dovel Technologies is seeking an Information Security Engineer to support their recently awarded five-year $377 million contract for the GrantSolutions Center of Excellence (under HHS) located in Rockville, MD.

    You will be responsible for (high level):

    • Plan, execute, and oversee remediation activities for valid vulnerabilities identified using application scanning tools
    • Collaborate with developers, creating a culture of security consciousness
    • Effectively communicate with Business Operations and other functional areas on web application vulnerabilities
    • Create and manage a business process to ensure all vulnerabilities are remediated within the required 30 (Critical/High), 60 (Moderate), and 90 (Low) days to correct identified weaknesses

    Qualifications

    • BS degree and 7-8 years application security experience or an equivalent combination of education and training that provides the required knowledge, skills and abilities
    • 3-5 years of hands-on technical experience with testing of web applications in Java or .NET
    • Seasoned experience using DAST tools such as HP WebInspect, ZAP, and Burp to detect potential vulnerabilities
    • Significant experience with application scanning to identify security vulnerabilities in the web application and architectural weaknesses
    • Proven ability to draw upon professional concepts to collaborate with others carrying out assigned duties
    • Desire to question and challenge the validity of given procedures and processes with the intent to enhance and improve
    • Technically skilled with Linux and AWS environments with the capability and passion to quickly learn new tools
    • Ability to obtain and maintain a Public Trust Clearance.

    Desired Skills:

    • Ethical hacking certifications: GIAC GWAPT, GSSP, or GWEB.
    • CISSP certification (strongly desired)
    • Experience in managing security in AWS environment
    • Hands-on experience with Tenable Security Suite, HP WebInspect and Sonatype tools.
    • Experience with SAST tools to the extent that guidance can be provided to the development team on implementation and use.
    • Familiarity with infrastructure scanning tools such as Nessus and vulnerability remediation guidance.
    • Successful skills and abilities using oral and written communication methods and techniques to accomplish coordination with IT program managers, customers, etc. and prepare and present briefings to senior IT staff on complex IT security issues.
    • Knowledge of NIST information security policies, vulnerabilities of computer and data communications systems, and the basic tools and practices for protecting information systems.
    • Capability to perform incident handling: monitoring, identification, remediation, and reporting.
    • Assist in the execution of the annual SSAE 18 audit, Federal CFO audit, and Federal A123 audit, as well as on-demand company-requested audits
    • Proven ability to handle multiple tasks and to be flexible and creative, showing initiative and being a tenacious team player.

    Dovel Technologies is an Equal Opportunity Employer Minorities/Females/Veterans/Disabled
