Database Cloud Security Assessor
Supporting NIS CMS
Fully Remote - Candidate must reside in the DC Metro Area
Rate: 150k-175k
Marathon TS is seeking a Database Cloud Security Assessor who is an expert in cloud database technologies and can conduct vulnerability assessments on a wide variety of client databases and applications. This is an opportunity for a team player who would like to work with a world-class team and is eager to grow their cyber security skills.
Essential Functions
The Database Cloud Security Assessor is responsible for performing hands-on technical testing of applications and databases, conducting application/database security assessments (web applications, web services, databases, etc.) in the federal government space for mission-critical applications hosted in AWS, Microsoft Azure, hybrid cloud and physical datacenters. These assessments involve manual testing utilizing testing tools, manual techniques, and analysis, as well as the use of automated application vulnerability scanning/testing tools and/or code review tools.
Responsibilities include:
- Proficient in all aspects of Cloud Security including identity and access management, defining organizational structure and policies, using Cloud technologies to provide data protection, configuring network security defenses, and collecting and analyzing logs.
- Attaining an accurate understanding of the databases, application logic and architecture.
- Performing manual security assessment testing in determining the following:
o Whether application security controls have been implemented.
o Testing technical controls to ensure they are working as intended.
- Identifying the design, implementation, and operational flaws that could violate the organization's IS Policies, Standards, Procedures and Guidelines.
- Using automated tools such as Nessus, WebInspect, Snyk, Snort, PowerShell, Nmap and Burp Suite to scan systems for vulnerabilities.
- Provide technical expertise in IT Security Risk Management functions
- Enhance and perform standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO)
- Performing analysis of automated vulnerability scanning tool results to identify system vulnerabilities.
- Identifying system deviations leveraging best security practices such as NIST, and SANS.
- Documenting findings and consulting with security assessment team members to verify/corroborate system findings.
- Interviewing application system staff; and presenting application findings during the daily stakeholder briefing.
- Write assessment report of findings, debrief via conference calls to system owners and consult on remediation options.
- Retest security vulnerabilities that have been identified as fixed to verify remediation is effective.
- Contribute to security assessment, tooling, and reporting methodology enhancements.
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
- Any other services as reasonably requested by the client
Qualifications:
- Technical bachelor's degree with 10 or more years' related work experience.
- Technical master's degree with 7 or more years' related work experience (a technical degree is defined as one in an Information Assurance, Cyber security, Computer science or Information technology field of study).
- Must have AWS Architect professional certification. Ideally the candidate will also have a security related certification (for example): CISSP, CEH, CCSK, CISA, Security+, CISM, CAP; CASP; CISO; CCFE etc.
- Expertise with Cloud Platform (AWS and Microsoft Azure) with AWS/Cloud related Certification
- Expertise in serverless technologies including containers and orchestration (Docker, Kubernetes, AWS Container service, etc.).
- 5+ years' experience with databases such as MS SQL, MySQL, PostgreSQL, Oracle, MongoDB, RDS, etc.
- Thorough understanding of CDM for application security vulnerabilities and mitigation.
- Experience evaluating ATO security documentation and templates, including but not limited to SSPs, POAMs, Contingency Plans, Scoping templates
- 5+ years' experience performing application security assessments and penetration testing using manual techniques plus dynamic vulnerability testing tools (including Nessus, WebInspect, and Burp Suite, web proxies, scanners) and static code review tools to identify exploitable vulnerabilities, including testing techniques used to exploit vulnerabilities in the OWASP Top Ten lists.
- 5+ years' experience in various system administrator/engineering tasks on Windows and Linux operating systems.
- Experience with tools like Snort, PowerShell, Python, forensic tools, IDS, IPS, Splunk and Snowflake
- In-depth knowledge of common server applications such as IIS, Apache, LDAP, Tomcat, ssh
- In-depth knowledge of common network protocols such as HTTP/HTTPS, TCP/IP, UDP
- Ability to obtain Public Trust clearance
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
Job Type: Full-time
Pay: $150,000.00 - $175,000.00 per year
Schedule:
- 8 hour shift
Application Question(s):
- This position has a clearance requirement that all candidates must be a US Citizen or possess a Green Card and be able to obtain an NIH Public Trust. Do you meet this requirement?
- Do you live within the DC Metro area?
Education:
- Bachelor's (Required)
Experience:
- related professional: 10 years (Required)
- Database (MS SQL, MySQL, PostgreSQL, Oracle, etc.): 5 years (Required)
- application security assessments and penetration testing: 5 years (Required)
License/Certification:
- AWS Architect - Professional (Required)
- CISSP/CEH/CCSK/CISA/Security+/CISM/CAP/CASP/CISO/CCFE (Required)
Work Location: Remote