Government Security
Network Security Resources

Jump to content


Web Application Test Engineer Needed

- - - - - firewall sql mysql cryptography patch antivirus web app web application
  • Please log in to reply
No replies to this topic

#1 amasters



  • Members
  • 0 posts

Posted 12 September 2008 - 06:09 AM

Title: Web Application Test Engineer

Location: Arlington, VA

Client/Employer: To be disclosed.

Compensation: Competitive

>>>Required clearance: TOP SECRET

Benefits - Full

Relocation Assistance Available - Yes

Interview Travel Reimbursed - Yes

The Ideal Candidate

5+ to 7 years of experience

Management Experience Required - No

Minimum Education - Bachelor's Degree

Willingness to Travel Never


Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

- Provide consulting services, as a member of a team of security engineers, to the Information Technology Security Division (ITSD) within the Transportation Security Administration (TSA).

- Serve as a Subject Matter Expert (SME) on application and network security topics

- Perform risk and vulnerability assessments, penetration tests and potential incident response, especially relating to applications/databases; analyze results and make recommendations

- Assist in the development, configuration and C&A of various systems (especially relating to applications/databases) to ensure adequate security of high performance, highly available, and mission critical applications

- Providing advisory services regarding the procurement of application/database technologies

- Assist in designing, establishing and maintaining various other security products and technologies, to include firewalls, intrusion detection systems, antivirus, patch management systems, etc.

- Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the ITSD.

- SSCP preferred but not required.


- Requires 5 years of information security experience.

- Should have extensive experience with cyber security threats and vulnerabilities.


- Input Validation

- SQL Injection

- Cross Site Scripting

- Buffer Overflows

- Should have experience in Oracle and SQL Server; experience with additional DBMS, such as MySQL and PostgreSQL, is preferred.

- Strong interest in IT security.

- Familiar with FISMA and government C&A.


- Experience with various principles of IT security, such as access control, business continuity and disaster recovery planning, cryptography, risk management, security architecture and design, telecommunications and network security, etc.

- Experience with various operating systems (Windows, Linux, Unix), networking technologies, routers, switches, firewalls, VPNs, HIDS, NIDS, patch management systems, as well as intimate knowledge of TCP/IP, HTTP/S and many other protocols.

- Experience with various web security assessment tools, such as WebInspect, AppDetective, Nikto, Paros, WebScarab.

- Experience with other security assessment tools, such as ISS, Nessus, Core Impact, Metasploit, nmap, Wireshark/Ethereal, Kismet, John, TCPDump.

- Must have excellent communications skills (oral and written)



Also tagged with one or more of these keywords: firewall, sql, mysql, cryptography, patch, antivirus, web app, web application