Web Application Tester, Foxhole Technology, Herndon, VA



Job description

Job Locations: US

Job ID: 2024-1826

Category: Information Technology

Type: Regular Full-Time

Clearance Required: DHS Suitability (EOD) Status, Secret

Overview

Job Title: Web Application Vulnerability Test Engineer

Location: Springfield, VA - Remote Work Authorized (in states FH is registered)

Clearance: Secret

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise - across the organization and around the world.

Foxhole Technology is seeking a Web Application Vulnerability Test Engineer in support of a government client. The individual should be capable of cybersecurity testing activities across multiple web implementation technologies, assets, and networks. The role requires testing of web applications, web services, cloud-based services (e.g. AWS, Azure, Salesforce), APIs, source code, and mobile-enabled applications. Experience in vulnerability testing of operating systems, databases, network fabric assets, cloud-based infrastructures, and wireless communications is desired. To thoroughly test these technologies, individuals must be well-versed in web-based system designs and architectures, as well as the potential vulnerabilities and weaknesses impacting those systems.

Job Description

Individuals supporting this effort should be capable of the following:

  • Maintain and stay current with in-depth technical knowledge of web application, dynamic, and static security testing tools in use by the customer, and testing techniques.
  • Perform automated security testing, manual validation of automated results, manual testing, and configuration validation of items not covered by automated testing, for assigned areas.
  • Perform analysis of results, consolidate reports, and provide briefings to system stakeholders with varying levels of technical depth.
  • Make recommendations for updates, additions, and modifications to security policies as best practices evolve and gaps in security policy are identified.
  • Provide recommendations to update existing, or create new, processes and procedures to improve the security testing program.
  • Engage with testing stakeholders to gather all required information needed to create detailed test plans.
  • Conduct security testing using the provided automated testing tools in conjunction with manual testing, inspection, and configuration validation techniques.
  • Have experience with the following primary tools: AppScan, BurpSuite, WebInspect, AppDetective, NMAP, Nessus Professional, Tenable.sc, and have the ability to adopt other tools that may be provided.
  • Handle the configuration, use, and technical troubleshooting of all security testing tools, to include the creation of any customized configurations needed to complete testing engagements.
  • Validate target lists and perform discovery scans of target system subnets to verify assets and identify missing or new items.
  • Troubleshoot technical issues preventing successful completion of testing engagements within the scheduled time allotted for the engagement (i.e. insufficient credentials, access limitations, etc.).
  • Validate, analyze, and enrich results generated by automated testing tools. Example activities include identification of false positive findings and adjustment of finding severities based on system-specific considerations.
  • Participate in findings meetings to review and provide input on the validity of system stakeholder responses to findings.
  • Provide Subject Matter Expertise for a variety of topics concerning system security and vulnerabilities in a variety of formats (verbal or written).
  • Work during non-core business hours, holidays, weekends, and on an as-needed basis in order to support off-hours testing, when required. This is estimated to occur approximately 30 days each year.
  • Travel on a periodic basis to support remote testing when required. This is estimated to occur five (5) days each month for local sites (i.e. within fifty (50) miles of HQ), and approximately ten (10) days each quarter to sites further than fifty (50) miles.
  • Support ad-hoc system testing engagements of a non-standard nature as they are identified to provide a benefit to IAD's security testing requirements.
  • Additional duties as assigned in support of this security testing effort.
Minimum Requirements
  • At least eight (8) years of technical IT security experience. Such experience can come from system or network administration, system development, security analysis, security testing and evaluation, security incident response, security monitoring, IT project implementation, or other similar technical activities.
  • At least five (5) years of experience performing security control assessments (i.e. security testing such as security auditing, primary assessor for Security Control Assessments, etc.).
  • Experience with manual scanning of web applications utilizing Burp Suite.
  • Experience with NIST and FIPS security controls, DISA STIGs, and CIS standards.
  • Experience working in groups acting as the sole security practitioner, as well as experience working in team(s) of various sizes of security personnel collaboratively testing the security of a system.
  • As a government contractor, Foxhole Technology is subject to Executive Order 14042 - Ensuring Adequate COVID Safety Protocols for Federal Contractors. This requires that all employees supporting a government contract be fully vaccinated for COVID-19 unless the employee has an exemption based on disability or sincerely held religious belief. Foxhole Technology requires proof of your vaccination as a condition of employment.
More Information

Requirements of position: Think analytically, effective verbal and written communication skills, make decisions, observe/remember details, interpret data, concentrate on tasks, adjust to change, handle stress/emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard/type, handle confidential information, use math/calculations, stay organized, operate office equipment, may direct others. Must be able to see, have eye/hand coordination, and lift up to 10 lbs. May be exposed to dust/dirt, humidity, and noise.

Foxhole Technology is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law.


Full-time 2024-07-16