Wednesday, February 6, 2008

Sr Security Engineer

**U.S. Citizenship is REQUIRED - No H1B Candidates**

DESCRIPTION:

This is a high-level Senior Security Engineer position which requires in-depth hacker incident detection, investigation and prevention across a large government customer network.

Specific responsibilities of the Government Security Team include:

o Supporting the 7x24 Security Operations Center (SOC) with security incident handling. (SOC is in a different location.) A real-time log of observed security events is published and available in real-time throughout the federal government organization.
o Correlation and analysis of security inputs from multiple sources including but not limited to IDS/IPS consoles, firewall logs, real time packet traces, host logs, for profit intelligence services.
o Vulnerability management. Using multiple tools such as the ISS Enterprise Scanner, MetaSploit, Core-Impact, WebInspect and custom developed tools, perform an iterative technique of testing, notifying, escalating and retesting to manage a vulnerability detection and remediation program for the customer. The vulnerability management program includes custom remediation advice for System Administrators.
o Linux and Windows web service and server support, to include building servers and recommending to customers methods to secure web servers.
o Management hotspots detailing serious security incidents detected at the National Gateways.
o Change management of key security configuration items such as documentation, firewall policy and IDS/IPS signature sets.
o Patch management with audit trail support for infrastructure servers installed at that National Gateways.
o Publish weekly significant actions and monthly summaries of detected activity and responses.
o Implementation of an extensible secure knowledge base that details specific threats, security controls and procedures.
Required & Desired Skill Sets:
o This position is located in Washington, DC near Union Station (accessible by train, light rail & metro). Individual will work on-site with the customer on projects.
o There is NO Government security clearance requirement (candidate is subject to Sprint's background employment check)
0 The work hours are: arrive between 7am and 9am and work 5 days a week OR work an AWS (Alternate Work Schedule)¿9 hours/day and have every other Friday or Monday off.
0 The Senior Security Engineer candidate must have a minimum of four years in the network security field, within the focused security arena of intrusion detection.
0 The Engineer must have hands-on working skills in the use and administration of security tools to include the

1) Internet Security Systems (ISS) RealSecure product line and/or the Cisco Intrusion Prevention System (IPS) product line,
2) the use of MetaSploit and
3) WebInspect.

o Experience in working with, supporting and troubleshooting Linux and Windows web servers and securing web services is desired.

o Five years of HANDS-ON WORK Experience in network security.

o Other Requirements. Scripting programming experience

o Education Requirements: No 4-year College Degree required

o Preferred: CISSP, GIAC or other security certifications.