Summary:

EIT has an immediate need for a Cloud Security Assessor, who is expert in Cloud Technologies, and conduct vulnerability assessments on a wide variety of client databases and applications. This is an opportunity for a team player who would like to work with a world-class team, and is eager to grow their cyber security skills.

Essential Functions

The Cloud Security Assessor is responsible to performing hands-on technical testing of the application and Databases. Conduct application/database security assessments (web application, web service, databases etc.) in federal government space for mission critical application hosted in AWS, Microsoft Azure, hybrid cloud and physical datacenter. These assessments involve manual testing utilizing testing tools, manual techniques, and analysis as well as the use of automated application vulnerability scanning/testing tools and/or code review tools.

Responsibilities include:

* Proficient in all aspects of Cloud Security including identity and access management, defining organizational structure and policies, using Cloud technologies to provide data protection, configuring network security defenses, collecting and analyzing logs.

* Attaining an accurate understanding of the databases, application logic and architecture.

* Performing manual security assessment testing in determining the following:

o Whether application security controls have been implemented

o Are technical controls are working as intended

o Producing the desired results

* Discover the design, implementation, and operational flaws that could violate organization's IS Policies, Standards, Procedures and Guidelines.

* Using automated tools such as Nessus, WebInspect, SNYK, SNORT, PowerShell, Nmap and Burp Suite to scan system for vulnerabilities.

* Provide technical expertise in IT Security Risk Management functions

* Enhance and perform standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO)

* Performing analysis of automated vulnerability scanning tool results to identify system vulnerabilities.

* Identifying system deviations leveraging best security practices such as NIST, and SANS.

* Documenting findings and consulting with security assessment team members to verify/corroborate system findings.

* Interviewing application system staff; and presenting application findings during the daily stakeholder briefing.

* Write assessment report of findings, debrief via conference calls to system owners and consult on remediation options.

* Retest security vulnerabilities that have been identified as fixed to verify remediation is effective.

* Contribute to security assessment, tooling, and reporting methodology enhancements.

* Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices

* Any other services as reasonably requested by EIT

Qualifications:

* Technical bachelor's degree with 8 or more years' related work experience.

* Technical Maters Degree with 6 or more years' related work experience (Technical degree defines as in Information Assurance, Cyber security, Computer science or information technology field of study)

* Must have CISSP, CEH, CCSK, AWS Architect Professional certification. Professional certifications like, CISA, Security+, CISM, CAP; CASP; CISO; CCFE are nice to have.

* Expertise with Cloud Platform (AWS and Microsoft Azure) with AWS/Cloud related Certification

* Expertise in server less technologies including containers and orchestration (Docker, Kubernetes, AWS Container service etc).

* 5+ years' experience with databases such as MS SQL, MySQL, PostgreSQL, Oracle and MangoDB and RDS etc.

* Through understanding of CDM for application security vulnerabilities and mitigation.

* Experience evaluating ATO security documentation and templates, including but not limited to SSPs, POAMs, Contingency Plans, Scoping templates

* 5+ years' experience performing application security assessments and penetration testing using manual techniques plus dynamic vulnerability testing tools (including Nessus, WebInspect, and Burp Suite, web proxies, scanners) and static code review tools to identify exploitable vulnerabilities, including testing techniques used to exploit vulnerabilities in the OWASP Top Ten lists.

* 5+ years' experience in various system administrator/engineering tasks on Windows and Linux operating systems.

* Experience with tools like SNORT, PowerShell, Python, Forensic Tools, IDS, IPS, SPLUNK and SnowFlake

* In depth Knowledge of common server applications such as IIS, Apache, LDAP, Tomcat, ssh

* In depth Knowledge of common network protocols such as HTTP/HTTPS, TCP/IP, UDP

* Ability to obtain Public Trust clearance

AAP/EEO Statement

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our customers a competitive edge, now and into the future.