Jacobs National Security Solutions (NSS) is looking for a Junior Vulnerability Management Engineer to provide support in Herndon, VA.
Duties will include:
• The candidate will be responsible for conducting vulnerability scans at the
network, operating system, database, and application levels on financial
systems within this organization's enterprise.
• The candidate will be performing vulnerability scanning and analysis to
eliminate false positives and to aggregate findings by specific best practice
• The candidate must have experience providing recommendations for
remediation and collecting evidence to verify the vulnerability no longer
• The candidate will be validating the vulnerabilities identified against the
National Institute of Science and Technology (NIST) Framework, National
Vulnerability Database (NVD) and Security Best Practice standards such
as CIS Benchmarks, DISA STIGs and vendor hardening standards.
• The ideal candidate will have prior experience performing full scope Risk
Management processes for a federal client, to include Certification and
Accreditation (C&A), FISMA Self Assessments, Technical Assessments
(Vulnerability analysis, penetration testing), and Risk Assessments.
• The candidate should have experience using vulnerability and security
testing tools and reviewing the results from tools such as Nessus, HP
WebInspect, QualysGuard, AppDetective, and Burp Suite.
Here's What You'll Need:
Demonstrated 1+ years of technical experience with the following techniques, or substitute education for years of experience:
• Vulnerability Scanning and Analysis
• Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems
• Network Switching/Routing and TCP/IP
• Databases (e.g., MS SQL, Oracle, DB2)
• Web application vulnerability scanners (e.g., Qualys WAS, WebInspect,
• Database vulnerability scanners (e.g., AppDetective, DbProtect)
• General purpose vulnerability scanners (e.g., QualysGuard, Nessus)
• Security configuration checklists (e.g., DISA STIGs, CIS Benchmarks)
• NIST Special Publications (e.g., 800-53, 800-37)
• Certifications like CEH, CCNA, CCNP, GSEC and others are preferred.
• 1+ years experience or substitute education for years of experience and
understanding of NIST 800-53, NIST 800- 3A, NIST 800-30 and NIST 800-
• 1+ years prior experience performing security control assessments of all
NIST 800-53 controls or substitute education for years of experience.
• Experience configuring and using technical assessment tools such as
Nessus, HP WebInspect, AppDetective, Burp Suite, Wireshark,
QualysGuard and RedSeal.
• 1+ years of Risk Management Framework (RMF) implementation
experience or substitute education for years of experience.
• Proficiency in understanding the technical architecture of IT systems built
using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle and MySQL
• Strong documentation and communication (written and verbal) skills.
• Working knowledge of common network devices
• Working knowledge of Windows and Unix operating systems
• Working knowledge of common database platforms
• Self-motivated and able to work in an independent manner.
• Must be able to obtain “Public Trust” level clearance. (SF-85 and SF-86
Most work will be done at a desk or computer.
General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.
Equipment & Machines:
General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.
Attendance is critical at all times. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
Other Essential Functions:
Must be able to communicate effectively both verbally and in writing.
Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must exhibit professional behavior that enhances productivity and promotes teamwork and cooperation.
Must be able to interface with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citizen.
Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws and supplemental language.
: United States-Virginia-Herndon-20364-VAD7
: Dec 1, 2020, 6:59:33 PM
: Information Technology
Job Classification: Full-Time Regular
2551 Dulles View Drive
Capabilities: Cyber Security