The Senior Security Engineer will work in KCG's Cyber Attack Penetration Division supporting federal and commercial clients. This versatile position will involve conducting federal security assessments and deploying enterprise solutions for commercial clients. In this important role, the Senior Security Engineer will get an opportunity to evaluate the technical security controls for federal agencies, deploy security solutions for Fortune 1000 corporations, and make a difference in securing critical systems.
- Conduct NIST technical security assessments for federal clients.
- Deploy enterprise solutions for commercial clients (e.g., Nexpose).
- Conduct training on how to use technical solutions.
- Identify technical infrastructure/components under scope for technical testing
- Prepare rules of engagements (ROE)/ Technical Evaluation Plan (TEP)for different federal asseessments.
- Identify tools and resources required to complete the techncial assessments.
- Communicate with customer and KCG management to resolve conflicts and techncial issues before conducting testing testing.
- Complete technical testing and communicate results and risk with customer.
- Develop technical report for technical and executive audience
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level. Active clearance is preferred.
Demonstrated technical experience with:
- Proficient in Windows and Linux operating systems
- Proficient in nmap scanning (Slow Scans, Service detection, OS detection, namp Scipts)
- Working knowledge of web aplication scanning tools (Burp, Nikto, Zap) and interpreting results.
- Working knowledge of vulnerability scanners (Nexpose, Nessus) and interpreting results.
- Working knowledge of using Nipper (network infrastructure parser) for different networ devices and interpreting results.
- Working knowledge of using database scanning tools (Appdetective, Scuba) and interpreting results.
Ability to complete manual configuration review for different operating system (Linux, Solaris, Windos XP, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2012) based on the CIS benchmarks
Ability to complete manual configuration review for different database servers (MySql, MSSQL, Oracle) based on the CIS benchmarks.
Ability to complete manual configuration review for web application based on the OWASP and NIST guidelines.
Must also have:
- Five plus years of experience in information security
- Experience with NIST 800 Special Publications.
- Proficient in SQL.
Technical writing experience (required):
- Security assessment reports
- Technical evaluation plans
- Technical reports for technical audience (System Admin, Network Admin, Database Admin, Application Developers)
- Technical reports for executive audience (System Owner, ISSO)
- Excellent written and oral communication skills.
- Self motivated, entrepreneurial spirit, and able to work in an independent manner.
- Strong customer service skills.
- Team player should be able to work with senior and junior team members
- Ability to multitask, meet deadlines, and work under pressure for multiple projects/customers