Evolver Federal is seeking an Application and Systems Security Engineer for a multifaceted role that combines the strengths and responsibilities of an Application Security Engineer, a Systems Security Engineer, and an overall Penetration Tester and security vulnerability expert.

As an Application and Systems Security Engineer, this role will work with the GovInfo Program teams and Agency IT and Agency IT Security staff to continuously identify and mitigate security issues, as well as coordinate across teams to provide suitable evidence and documentation for security related activities. In the event of a cyberattack or other form of IT security related vulnerability identification, the Application and Systems Security Engineer will lead efforts to identify issues/breaches and bring the vulnerability to resolution.

Responsibilities

• Work as a member of the Infrastructure Team or other cross-functional teams as needed to support the GovInfo Program, and as necessary, provide off-hours support to ensure continued security availability and mitigation of high priority / identified vulnerabilities within the system.
• Manage GovInfo system security, including serving as responsible official for virus/malware incidents and coordination of responses with IT&S to correct any security events or intrusions.
• Perform internal and external vulnerability tests and threat assessments as directed by PST management, including non-destructive penetration testing, through the use of industry standard tools including but not limited to Kali Linux.
• Ensure public and internal applications, APIs, and services are designed, developed, implemented, and monitored in accordance with applicable security controls related to NIST 800-53, ISO 27001, and GPO IT Security policies.
• Design and automate penetration testing across environments to identify and resolve vulnerabilities.
• Support security related requirements for auditing, logging, and review of regular security-focused reports and logs.

• 5 years' experience as an Information Systems Security Engineering Professional (CISSP- ISSEP)
• 2 years of application security experience with Technologies utilized in GovInfo (Documentum, Solr, Spring, Drupal, Apache, and VMware)
• 2 years of experience with a security toolset (nikto, Wireshark, Matesploit. Burp Suite, Kali Linux, CIS-CAT)
• 2 years of experience in Penetration Testing, Vulnerability Prevention, DDOS Mitigation

• Working knowledge of network protocols, enterprise network hardware, Load Balancers
• Experience with test driven development, traditional waterfall and agile software development lifecycle methodologies including Scrum and Kanban
• Experience and training in maintaining ISO 27001 certification