Security Testing Engineer

Job Title: Security Testing Engineer

Location: Springfield, VA (Hybrid)

Clearance: Secret

Discover an exciting career at Foxhole Technology, an innovative IT Engineering firm founded in 2007. As leaders in cybersecurity, DEVSEC OPS, Agile Developemnt, Cloud and IT support for federal civilian and defense agencies, we're at the forefront of addressing complex technology challenges. Our talented employee-owners provide agile, scalable solutions, bridging operational gaps, operating critical systems, and securing enterprises worldwide. If you're ready to be part of a team driving impactful innovations, apply today and shape the future of IT with us!

Foxhole Technology is seeking a Security Testing Engineer in support of a government client. The individual should be capable of cybersecurity testing activities across multiple technologies, assets, and networks. The effort requires testing of operating systems, databases, network fabric assets, web applications and services, source code, wireless communications, and emerging cloud solutions. To thoroughly test these technologies, individuals must be well-versed in vulnerabilities and weaknesses that can affect these assets.

Perform automated security testing, manual validation of automated results, and manual configuration validation of items not covered by automated testing, for the assigned area.
• Validate target lists and perform discovery scans of target subnets to determine if assets exist within subnets that have not been identified for testing.
• Troubleshoot any technical issues preventing the successful completion of testing engagements within the scheduled time allotted for the engagement (i.e., insufficient credentials, whitelisting not implemented, no network access, etc.).
  Have experience with the following primary tools: Nessus Professional, BurpSuite, DbProtect, NMAP, and Nipper. Additional supplementary tools are available.
• Validate and enrich results generated by automated testing tools. Example activities include the identification of false positive findings generated by testing tools and the adjustment of finding severities based on specific considerations within, or associated with, the affected target.
• Engage with testing stakeholders to gather all required information needed to create detailed test plans.
• Handle the installation, use, and technical troubleshooting of all security testing tools, including the creation of any customized configurations within the testing tools to complete testing engagements.
• Participate in findings meetings to review and provide input on the validity of operating system stakeholder responses to findings.
• Make recommendations for updates, additions, and modifications to security policy as gaps or deficiencies in security policy are identified.
• Provide Subject Matter Expertise for a variety of topics concerning operating systems in various formats (verbal or written).
• Maintain and stay current with in-depth technical knowledge of security testing tools in use by the customer and testing techniques.
• Work during non-core business hours, holidays, weekends, and on an as-needed basis to support off-hours testing, when required. This is estimated to occur approximately 30 days each year.
• Travel on a periodic basis to support remote testing when required. This is estimated to occur five (5) days each month for local sites (i.e., within fifty (50) miles of HQ), and approximately ten (10) days each quarter to sites further than fifty (50) miles.
• Support ad-hoc operating system testing engagements of a non-standard nature as they are identified to provide a benefit to IAD's security testing requirements.
• Additional duties as assigned in support of this security testing effort.

• At least eight (8) years of technical IT security experience. Such experience can come from system or network administration, security analysis, security testing and evaluation, security incident response, security monitoring, IT project implementation, or other similar technical activities.
• At least five (5) years of experience performing security control assessments (i.e., security testing such as security auditing, primary assessor for Security Control Assessments, etc.).
• Experience with manual scanning of complex technical architectures using appropriate tools and configurations (Tenable, DbProtect, Nipper, NMAP, Burp, Prowler, or industry alternatives).
• Experience with NIST and FIPS security controls, DISA STIGs, CIS standards, and cloud hardening standards.
• Experience working in groups acting as the sole security practitioner, as well as experience working in teams of various sizes of security personnel reviewing the same system.

• Security Certifications to include: CISSP, CEH, Pen Test, Web App Testing etc.

Requirements of position: Think analytically, effective verbal and written communication skills, make decisions, observe/remember details, interpret data, concentrate on tasks, adjust to change, handle stress/emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard/type, handle confidential information, use math/calculations, stay organized, operate office equipment, may direct others. May be exposed to dust/dirt, humidity, and noise.

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military/veteran status, or any other protected class.