Security Control Assessor (SCA) Test Engineer Level I, II, and III

 

In support of the Department of Homeland Security’s Cyber Security Division under the newly created Cyber and Infrastructure Security Agency, VancePoint provides specialized security services to support the Department’s critical cyber programs. The National Cybersecurity Protection System (NCPS), also known as the EINSTEIN set of capabilities, is an integrated system of intrusion detection, analytics, intrusion prevention, and information sharing capabilities that defend the federal executive branch civilian government’s IT infrastructure from cyber threats. The Enhanced Cybersecurity Services (ECS) program is a key avenue through which DHS fulfills its mission to protect U.S. based public and private entities from cybersecurity threats. ECS provides intrusion prevention capabilities that help U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration.

 

In support of these efforts, our Security Control Assessor Test Engineer will;

  • Perform manual testing, vulnerability scans, and penetration testing

  • Perform analysis, web assessment software, vulnerability scanning, and penetration testing, and develop/deploy custom scripts

  • Apply knowledge of client/servers, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, Local Area Network (LAN), switches, and routers; Windows, Linux, Unix, and Mac OS X administration; VMware, Xen, Hyper V and other virtualization platforms.

  • Evaluate information system security readiness and supports cybersecurity functions

  • Perform onsite and remote testing of FISMA requirements

  • Perform annual assessments that support the continuous monitoring strategy for all systems with ATO

  • Provide assessment support and site visits for information systems

  • Employ test plans and procedures tailored to the security controls of the system under test

  • Develop Body Of Evidence Guidance, Rules Of Engagement, Security Assessment Plan, and Assessment/Deliverable Schedules

 

Required Skills:

  • Bachelor’s degree required and 2, 5, or 10 years of experience conducting vulnerability assessments

  • US Citizenship

  • Certifications such as Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), Offensive Security Wireless Professional (OSWP), GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), LPT CEPT, CEH

  • Experience with compliance and vulnerability scanning tools

  • Demonstrated experience in a simulated environment

  • Ability to use MS Office Suite to include Word, PowerPoint, and Excel.

  • Superior communication skills, both written and oral.

  • US Citizenship

  • A U.S. Government TS/SCI Clearance

Desired Skills:

  • Advanced degree in Computer Science, Cyber Security, Mathematics, or Engineering is highly desirable.

  • DHS Suitability and experience