DC Metro Vulnerability Assessor, TS/SCI

  • Full-time

Company Description

SVD Solutions is focused on providing comprehensive Information Security/Assurance advisory services to Senior Executives of government and commercial organizations. We are an intelligence-driven management consulting firm that leverages its expertise in security to ensure that executive, organizational, and technical goals and objectives are fully achieved. At SVD Solutions, our core competency is focused on all security matters: from IT Security Surveillance to Intelligence Handling, from Incident Response to Forensics, and from Physical Security to Investigations, we handle it all.

Job Description

SVD Solutions is seeking a qualified security-focused professional who can help our federal client achieve mission success through expert-level risk avoidance. The ideal candidate will have hands-on experience leading IT security efforts for federal clients and be able to foster a corporate culture of IT security acceptance through interdepartmental relationship building. The candidate will be challenged on a daily basis to assess systems for successful implementation of defense-in-depth techniques, both process-based and technical, in securing National Security Systems. All work will be performed on site in the NOVA/DC Metro Area with limited/occasional local travel as necessary. All travel costs are reimbursable per contract terms.

The ideal candidate possesses experience performing both red and blue team penetration tests, both with the assistance of automated vulnerability assessment tools and through manual validation/exploitation skills. Technical acumen with specific technologies is preferred, with a specialty focus in an area such as databases, web technologies, operating systems, network, or other specific IT areas. Specialists and focused area skill sets are preferred for the positions available. A skills assessment will be given on a pass/fail basis prior to offer. Candidates must declare areas of special expertise prior to the skills assessment.

Qualifications

Seeking individuals with experience in:

  • Performing the responsibilities of a Federal Information Systems Penetration Tester and/or Vulnerability Assessor
  • Delivering high-quality analysis of both technical and process-related security controls to support the overall security of National Security Systems while also achieving compliance with all Federal regulations and mandates
  • Performing technical assessments, continuous monitoring, analysis, tracking and reporting of security control implementation and effectiveness using quantitative and metrics-based methodologies
  • Assessing the IA posture of enclave-level information systems and enclave-wide IA services and supporting infrastructures through a combination of self-assessments, independent assessments and audits, formal testing and certification activities, host and network vulnerability or penetration testing, and IA program reviews
  • Applying the NIST Risk Management Framework and NIST SP 800-37, 53, and 118
  • Detection of vulnerabilities leveraging industry tools, open source tools, code review and/or deep packet inspection
  • Analyzing and recommending remediation of weaknesses while working with system administrators and other personnel in the organization to implement risk mitigation
  • Intermediate to advanced understanding of networking protocols and operating systems (Windows and UNIX-based)
  • Understanding of OWASP Top 10
  • Ability to manually assess the security posture of a system or application (e.g., testing a web application for cross-site scripting)
  • Mainframes (z/OS)
  • Cross-Domain Solutions
  • Programming and Scripting Languages (e.g., C++, Python, Java, .NET, and JavaScript)
  • Virtualization Technologies
  • Port, Protocol, and Service enumeration using tools such as Nmap, Masscan, Unicornscan
  • Operating System vulnerability assessment tools such as Tenable Nessus/SecurityCenter and Nexpose
  • Web Application testing: Burp Suite, ZAP, Nikto, DirBuster, SQLMap, HP WebInspect, AppScan
  • Database: Application Security, Inc. AppDetective and IBM Guardium
  • Penetration testing: penetration testing Linux distributions (e.g., BackBox and Matriux Linux)

Other Requirements:

  • Must have exceptional writing capabilities to document vulnerabilities and mitigations of both technical and process security controls
  • Must be able to articulate risk mitigations and answer IT Security questions in a professional manner
  • Must have at least 6-10 years working in a dedicated IT Security Assessment/Penetration Testing role or a Bachelor’s Degree in a related field
  • Must be a U.S. Citizen and possess and maintain an active Top Secret Clearance prior to accepting a position (no sponsorship from a lower clearance level available for this engagement)
  • Having passed a Full Scope (FS) or Counterintelligence (CI) Polygraph is a plus
  • Must have certifications in at least one (1) of the following: (ISC)2 CISSP, GIAC, GCIA, or GCIH
  • Experience working with the Intelligence Community is a plus

Additional Information

Please review the requirements carefully before applying and submitting your resume. Please ensure applicable experience appears on your resume.