Senior Security Engineer

Company Information:
Yudrio is an exceptional, small business that has an impressive ten year track record of delivering superior, dynamic technical systems to the federal government. Yudrio is currently working on projects for the Environmental Protection Agency (EPA), Department of Homeland Security (DHS), Internal Revenue Service (IRS), Federal Trade Commission (FTC), and Federal Deposit Insurance Company (FDIC).

Yudrio is a full service, full life-cycle management and information technology consulting firm providing innovative and customized technical solutions to our Federal and commercial clients. Yudrio offers services in the areas of strategy, application development, enterprise and technical infrastructure solutions. Our services span across various technology platforms, operating systems and infrastructures.

Labor Category:
Senior Security Specialist

Location:
Arlington VA or New Carrollton MD

Requirements:
• Ideal candidate will have software development experience with common web application languages including Java, Python, & Perl including an emphasis on secure application development practices
• Ideal Candidate will have experience using HP Fortify for static code analysis
• Performing source code scans
• Analyzing results to determine remediation prioritization identify false positives, best practices, etc.
• Documenting results and working with AppDev for resolution/remediation
• Candidate must be able to perform manual code reviews for code languages not capable of being scanned via COTS tools
• Candidate should have experience in performing dynamic code analysis across web applications
• Preferred skills in using IBM Rational AppScan for Dynamic code analysis
• Analyzing results to determine remediation prioritization identify false positives, best practices, etc.
• Documenting results and working with AppDev for resolution/remediation
• Client reporting
• Daily administration, management, deployment, upgrading, etc. of HP Fortify and IBM Rational AppScan
• Working across technical teams to support code analysis processes and procedures

Security Assessment & Authorization Experience:
• The ideal candidate will have experience and strong knowledge of NIST SP 800-53 Revision 4
• Candidate should have experience reviewing security control implementations for compliance with US Government Standards
• Candidate should have experience supporting 3rd Party Assessment/Audit activities
• Ability to track artifact requests and responses
• Provide status updates to project executives on assessment progress
• Ability to “translate” artifact requests into an actionable item for infrastructure teams
• Ability to summarize implementation details from technical teams to describe security control implementations
• Candidate should have experience reviewing solutions during both design and implementation phases for proper implementation of security controls based upon a risk assessment

Technical Experience:
• Strong understanding of IT Security
• General understanding of Security Compliance and Security Operations
• Experience working in a virtual environments (i.e. VMware)
• General understanding of network devices, core web portal infrastructure equipment, and web portal architectures
• General understanding of Linux & Windows operating systems

Other:
Strong verbal and written communication skills
Effective teammate and willing to works across functional team areas