Job Description

Description

Jacobs is currently seeking a Junior Vulnerability Management Engineer to provide support primarily in Herndon, VA. And remote. Duties include:
The Candidate will be responsible for conducting vulnerability scans at the network, operating system, database, and application levels on financial systems within this organizations enterprise.
The Junior-Level engineering candidate will be performing vulnerability scanning and analysis to eliminate false positives and to aggregate findings by specific best practice criteria.
The candidate must have experience providing recommendations for remediation and collecting evidence to verify the vulnerability no longer exists.
The candidate will be validating the vulnerabilities identified against the National Institute of Science and Technology (NIST) Framework, National Vulnerability Database (NVD) and Security Best Practice standards such as CIS Benchmarks, DISA STIGs and vendor hardening standards.
The ideal candidate will have prior experience performing full scope Risk Management processes for a federal client, to include Certification and Accreditation (C&A), FISMA Self Assessments, Technical Assessments (Vulnerability analysis, penetration testing), and Risk Assessments.
Finally, the candidate should have experience using vulnerability and security testing tools and reviewing the results from tools such as Nessus, HP WebInspect QualysGuard, AppDetective, and Burp Suite.

QUALIFICATIONS
Qualifications:
Demonstrated 3+ years of technical experience with the following techniques:
Vulnerability Scanning and Analysis
Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems
Network Switching/Routing and TCP/IP
Databases (e.g., MS SQL, Oracle, DB2)
Web application vulnerability scanners (e.g., Qualys WAS, WebInspect, AppScan)
Database vulnerability scanners (e.g., AppDetective, DbProtect)
General purpose vulnerability scanners (e.g., QualysGuard, Nessus)
Security configuration checklists (e.g., DISA STIGs, CIS Benchmarks)
NIST Special Publications (e.g., 800-53, 800-37)
Must be able to obtain Public Trust level clearance. (SF-85 and SF-86 submission required
Additional Requirements:
Certifications like CEH, CCNA, CCNP, GSEC and others are preferred.
1+ years experience and understanding of NIST 800-53, NIST 800-53A, NIST 800-30 and NIST 800-37.
1+ years prior experience performing security control assessments of all NIST 800-53 controls.
Experience configuring and using technical assessment tools such as Nessus, HP WebInspect, AppDetective, BurpSuite, Wireshark, QualysGuard and Redseal.
1+ years of Risk Management Framework (RMF) implementation experience.
Proficiency understanding the technical architecture of IT systems built using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle and MySQL platforms.
Strong documentation and communication (written and verbal) skills.
Working knowledge of common network devices
Working knowledge of Windows and Unix operating systems
Working knowledge of common database platforms
Self-motivated and able to work in an independent manner.

Essential Functions

Physical Requirements:
Most work will be done at a desk or computer.

Work Environment:
General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.

Equipment & Machines:
General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.

Attendance:
Attendance is required during core business hours. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.

Other Essential Functions:
Must be able to communicate effectively both verbally and in writing in the English language. Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.
Must be able to interface effectively with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citizen.