IT Security Specialist

Peraton is currently seeking skilled and qualified candidates for our IT Security Specialist position supporting the US OIG Postal Service in Arlington, VA. The IT Security Specialist is responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design and serves as a technical expert authority. The OIG’s information resources are sensitive assets and are critical in the performance of its mission; therefore, information security services help safeguard the information resources entrusted to the OIG.

Day to Day Work Duties:

• Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information
• Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting
• Administers cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
• Manages security incident detection, response, remediation.
• Conducts cyber threat and vulnerability analysis and remediation.
• Develop security metrics and manages reporting and compliance.
• Serves as Incident Response Team member.
• Supports operational implementation of FISMA/NIST standards and industry best practices.
• Operates cloud-based security tools such as, Azure Security Center

Basic Qualifications:

• Bachelor’s degree in cybersecurity/information technology or related field with 5+ years’ experience.
• Ability to obtain and maintain a Public Trust security clearance.
• U.S. Citizenship with no more than six months outside travel of the U.S. during this time frame and must have resided in the U.S. the past five years.
• Must have hands-on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode
• Must have specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices
• Must have specialized experience in manual code review with the ability to identify potential vulnerabilities and best coding practices
• Must have specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise
• Must have specialized experience in assessing application vulnerabilities and bugs in various applications
• Must have specialized experience creating security testing pipelines and test plans
• Must have specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments
• Must have knowledge of coding languages such as Java, .NET, Python, PHP, C++, C#
• Must have extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts
• Currently Industry Certifications in one or more of the following (or equivalent):
  • Certified Secure Software Lifecyle Professional (CSSLP)
  • Certified Cloud Security Professional (CCSP)
  • Offensive Security Certified Professional (OSCP)
  • EC-Council Certified Application Security Engineer (CASE)
  • GIAC Certified Web Application Defender (GWEB)
  • Azure Developer Associate

Preferred Qualifications:

• Master’s degree in cybersecurity or related field