Vencore is a proven provider of information solutions, engineering and analytics for the U.S. Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high-impact, mission-critical services and solutions to overcome its customers' most complex problems.
Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do.
Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled
• The duties of this labor category include examining the Sponsor’s information systems to determine if vulnerabilities exist and, if they are found, what mitigating strategies can be applied. The end goal is to ensure the integrity of Sponsor systems by identifying and mitigating potential avenues of exploitation, including system-level attacks and user-level attacks. The Security Assessment Tester coordinates planning, scheduling, and testing of projects in the Certification and Accreditation (C&A) process.
• Develop and document security evaluation test plan and procedures
• Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.).
• Assist in researching, evaluating, and developing relevant Information Security policies and guidance.
• Actively participate in or lead technical exchange meetings and application review boards, documenting action items/results of these events.
• Brief management, as needed, on the status of action items and/or results of activities.
• Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures.
• Coordinate with other program elements conducting security testing.
• Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
• Identify mitigating countermeasures to identified threats, vulnerabilities, and shortfalls.
• Identify needs for testing equipment and gaps in testing capabilities; conduct research on and evaluation of automated testing tools and provide summaries and reports to sponsor on the tool capabilities, in support of potential procurement by the Sponsor.
• Perform network security analysis and risk management for designated corporate networks.
• Develop, assemble, and submit C&A testing results reports that document testing activity and results to support the creation of C&A risk assessments and C&A approval packages.
• Clarify security requirements and recommend security countermeasures
• Read and analyze SSPs and develop understanding of systems and applications into security test plans.
• Location will be Bethesda or McLean
Requires 8 to 10 years with BS/BA or 6 to 8 years with MS/MA or 3 to 5 years with PhD.
• TS/SCI with Poly
• A Bachelor's degree or equivalent in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline is strongly desired, plus 8 years related experience
• Strong technical skills and analytic abilities, as well as experience performing network security analysis and risk management.
• Broad knowledge of network architectures and network management tools.
• Demonstrated ability to perform complex technical tasks in pursuit of overall goals with minimal
• First-rate written and oral communications skills.
• Ability to translate an understanding of systems and applications into security test plans and perform hands-on security testing.
• Knowledge of risk management methodologies
• Demonstrated ability to analyze test results and suggest mitigations for security problems.
• Broad knowledge of Information Security policies and guidance, as well as the ability to assist in researching, evaluating, and developing relevant security policies and guidance.
• Working knowledge of Intelligence Community Information Assurance policies and regulations and how the certification and accreditation (C&A) process relates to them.
• Ability and skill in using Information Assurance test and risk assessment tools.
• Experience in using Information Assurance test and risk assessment tools.
• Either an ISC2 CISSP certification or SANS GSEC certification