Overview

As a security test engineer on our team, you’ll work with engineers and developers to evaluate software and systems developed for the Department of Defense. Specifically, you will apply your critical thinking and analytical skills to assess Linux systems built within a virtual or containerized environment. You’ll work on building security test plans with test cases based on Remedy and Jira change requests. Using automated and manual processes, you’ll generate data and execute the test cases to see how the software or operating system, performs against vulnerabilities. Then, document and interpret the results, communicating security risks to the development or engineering teams, so they can improve the security of the software or system. You’ll automate continuous security and performance testing and monitor health of the Assured Compliance Assessment Solution (ACAS) and other testing tools. This is an opportunity to leverage your skills by writing the code to automate security processes. You’ll also further your experience in engineering secure solutions for the testing team and explore new areas like cloud computing. 

Responsibilities

• Experience with multiple system environments, preparation of test plans and reports
• Experience with programming and scripting languages, such as Java, Python, PowerShell, or Bash, to develop automated processes and troubleshoot fix actions. 
• Knowledge of data security administration principles, methods, and techniques 
• Ability to support administration of the test networks and systems that use VMware and Linux operating systems within a virtual containerized environment. 
• DoD 8570.01 IAT II compliant Certification active within one year of expiration 
• Position of or the ability to obtain an additional computing certification in Linux 

Clearance

TS/SCI clearance is required.

Qualifications

• Understanding of containerized environments, the CI/CD pipeline, and related technologies, such as Kubernetes, Docker, or Enterprise Cloud native solutions 
• Experience with DoD vulnerability management tools ACAS, including Tenable’s Security Center/Tenable.sc, Nessus Network Monitor/Passive Vulnerability Scanner, Nessus Manager and Agent, and Nessus Scanners 
• Experience with technical writing on POA&M’s, Risk Acceptance, and IA Controls 
• Experience with DoD STIG’s and network compliance analysis 
• Knowledge of DoD policies and procedures, including DoD Risk Management Framework, ICD-503, NIST 800-53, and ISO-9001 
• Ability to learn new tools and technologies, balance multiple concurrent activities, and efficiently manage time. 
• Possession of excellent verbal and written communication skills