Capital TechSearch

Location: McLean, VA

Job ID: 5838

We are looking for an Information Security Engineer. Certs are a plus: CISSP, CSSLP, SSCP, CCSP, or CAP. You will ensure that software solutions and products are designed and implemented to the highest security standards. You will perform technical security assessments, code reviews and vulnerability testing to proactively build effective methods to enhance our overall security posture. Direct Hire. Great benefit - 100% Employer Paid Medical, Dental, Vision!
Responsibilities
  • Provide security guidance on a constant stream of new products and technologies
  • Conduct regular technical security assessments, code audits and design reviews
  • Analyze, assess, and respond to various information security threats
  • Develop technical solutions to help mitigate security vulnerabilities
  • Oversee the bug bounty program
  • Analyze bug bounty data to identify vulnerability patterns and trends, and research/recommend technical solutions
Minimum Qualifications
  • 6 years of experience in application-level vulnerability testing (e.g., Cross-Site Scripting, SQL Injection, LDAP Injection, Cross-Site Request Forgery, Insecure Cryptographic Storage, etc.) and code-level security auditing
  • Strong proficiency in C++, with solid knowledge of language specification and solid understanding of Boost and Lambdas
  • Knowledge of the various cybersecurity frameworks and related industry-leading practices such as NIST, FFIEC, and OWASP
  • Formal background in cryptographic protocols and best practices, including knowledge of symmetric and asymmetric protocols, hashing, key exchange, and certificate management
  • Familiarity with CVEs and ability to communicate their meaning to the engineering team by translating them into actionable steps
Preferred Qualifications
  • Contributions to the security community (public research, presentations, blogging, etc)
  • Experience writing native modules for high-level languages (Node.js, Wasm, etc.)
  • Experience with Amazon Web Services and Google Cloud Platform
  • Experience with vulnerability analysis and software compliance standards (e.g., FedRAMP, SOC2, FIPS, DISA STIG)
  • Experience with Docker/Kubernetes
  • GIAC certifications and/or other security-based credentials (CISSP, CSSLP, SSCP, CCSP, or CAP)
No Sponsorship. No c2c. No Remote. Direct Hire. Great benefit - 100% Employer Paid Medical, Dental, Vision!

To be immediately and seriously considered for this exceptional opportunity, please apply below. Your responses will be held in the strictest confidence.

Please call our office if you have any questions. Capital TechSearch, Inc. is an Equal Opportunity Employer.
