General Dynamics Information Technology Cybersecurity Scanning Engineer in Arlington, Virginia
Clearance Level Must Currently Possess:
Clearance Level Must Be Able to Obtain:
No Suitability Required
GDIT is currently seeking a Cybersecurity Scanning Engineer in Rosslyn, VA. This position supports continuous network vulnerability and compliance scanning for the Department of State’s Bureau of Diplomatic Security. The duties include, but are not limited to, conducting compliance and vulnerability scans on workstations, servers, databases, web servers and DMZ assets as well as reporting metrics, generating contract required deliverables, researching cyber security issues, and providing customer service. The Enterprise Scanning team is responsible for weekly vulnerability and compliance reporting on over 120,000 assets across 300 foreign posts and hundreds of domestic locations.
Position Description Duties:
Use active vulnerability scanners to perform high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of the enterprise security posture. Support full life-cycle vulnerability and configuration management. Communicate recommendations to the responsible parties, track remediation’s and verify security patches and required configurations. Scan the entire enterprise, to include DMZs, and physically separate networks
Develop and maintain policy and SOP updates
Analyze available security information including results of configuration compliance verification, vulnerability assessment, security and system patch information, field reports, OIG reports, and intelligence information to assess the status of remote organization’s cyber security posture
Operate, maintain and configure the configuration compliance verification tool; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
Operate, maintain and configure the vulnerability assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
Operate, maintain and configure the web security assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
Maintain and operate all hardware supporting the configuration compliance verification and vulnerability assessment activities including system administration, configuration management, technical troubleshooting, backup/recovery, training and user support
Develop configuration benchmarks and vulnerability checks based on established configuration standards and CVEs (Common Vulnerabilities and Exposures) using the Security Content Automation Protocol (SCAP)
Perform liaison activities with other bureaus and offices
Support incident response, threat analysis, forensics and penetration testing teams by performing on-demand and targeted vulnerability scans
Working knowledge of and experience in the federal information systems methodology, policy, and standards environment of information security, especially in government is desirable. Excellent written and oral communications skills desired. Ability to work collaboratively with a broad range of constituencies essential. A demonstrated ability to work with diverse groups of people is required. Experience with current tools (McAfee ePolicy Orchestrator, Policy Auditor, and Rapid 7 Nexpose vulnerability Scanner and App Spider – Web URL)
Active Secret clearance required
Three years of experience in information security, information technology, or related field
Technical knowledge of information technology and cyber security standards and issues is required for this position
Center for Strategic and International Studies: Twenty Critical Controls for Effective Cyber Defense
NIST Special Publication 800-53
The CVE (Common Vulnerabilities and Exposures) standard
ITIL and ITSM methodology
Experience performing vulnerability and/or compliance scanning in an enterprise network environment
Effective written and verbal communication skills
Persistent and polite follow-up with clients in order to maintain project schedule
Problem solving and attention to detail
Desired Skills, Preferred but not required:
Certified Ethical Hacker
SANS GCIH and/or GCIA
Security+ and/or Network # of Openings:
Scheduled Weekly Hours:
T elecommuting Options:
Telecommuting Not Allowed
USA VA Arlington - 1801 N Lynn St (VAC181)
Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
THINK NEXT. NOW.
CSRA is tomorrow’s thinking, today. To “Think Next. Now.” is to imagine a better future and to deliver it, today. For our customers, our partners, and ultimately, all the people our mission touches, CSRA is realizing the promise of technology to change the world through next-generation thinking and meaningful results.
We understand that our customers' missions require new methods and imaginative thinking. We bring together government IT professionals, emerging technologies, and the brightest, cutting-edge advisors in the industry to deliver a broad range of innovative, next-generation IT solutions and professional services to help our customers modernize their legacy systems, protect their networks and assets, and improve the effectiveness and efficiency of mission-critical functions for our warfighters and our citizens.
Everywhere you look, CSRA is there. We’re in our nation’s infrastructure, in training and education, in cyber security, in serving veterans who served us—and, so much more. Take some time to learn more about CSRA. You might be surprised to learn how we touch your life.
We are a company of 18,000+ smart, talented individuals, yet we enjoy a start-up culture that inspires us to make a difference while delivering results in this rapidly evolving world. Join our team and use your skills and expertise to support the safety, security, health and well-being of the nation.