DATABASE CLOUD SECURITY ASSESSOR (Remote)

Emagine IT
Baltimore, MD Remote Full Time
POSTED ON 2/22/2023 CLOSED ON 3/25/2023

What are the responsibilities and job description for the DATABASE CLOUD SECURITY ASSESSOR (Remote) position at Emagine IT?

Summary:

EIT has an immediate need for a Database Cloud Security Assessor who is an expert in cloud database technologies and can conduct vulnerability assessments on a wide variety of client databases and applications. This is an opportunity for a team player who would like to work with a world-class team and is eager to grow their cyber security skills.

Essential Functions

The Database Cloud Security Assessor is responsible for performing hands-on technical testing of applications and databases. The assessor conducts application and database security assessments (web applications, web services, databases, etc.) in the federal government space for mission-critical applications hosted in AWS, Microsoft Azure, hybrid cloud, and physical datacenters. These assessments involve manual testing utilizing testing tools, manual techniques, and analysis, as well as the use of automated application vulnerability scanning/testing tools and/or code review tools.


Responsibilities include:  

    Proficient in all aspects of Cloud Security including identity and access management, defining organizational structure and policies, using Cloud technologies to provide data protection, configuring network security defenses, collecting and analyzing logs. 

    Attaining an accurate understanding of the databases, application logic and architecture.

    Performing manual security assessment testing to determine the following:

        Whether application security controls have been implemented

        Whether technical controls are working as intended

        Whether they are producing the desired results

    Discover the design, implementation, and operational flaws that could violate the organization’s IS Policies, Standards, Procedures and Guidelines.

    Using automated tools such as Nessus, WebInspect, Snyk, Snort, PowerShell, Nmap and Burp Suite to scan systems for vulnerabilities.

    Provide technical expertise in IT Security Risk Management functions

    Enhance and perform standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO)

    Performing analysis of automated vulnerability scanning tool results to identify system vulnerabilities.

    Identifying system deviations leveraging best security practices such as NIST and SANS.

    Documenting findings and consulting with security assessment team members to verify/corroborate system findings.

    Interviewing application system staff; and presenting application findings during the daily stakeholder briefing.

    Write assessment reports of findings, debrief system owners via conference calls, and consult on remediation options.

    Retest security vulnerabilities that have been identified as fixed to verify remediation is effective.

    Contribute to security assessment, tooling, and reporting methodology enhancements.

    Stay up to date on current tools, techniques, and vulnerabilities to incorporate into testing practices

    Any other services as reasonably requested by EIT


Qualifications:

    Technical bachelor's degree with 10 or more years' related work experience. 

    Technical master's degree with 7 or more years' related work experience (a technical degree is defined as one in the Information Assurance, Cyber Security, Computer Science or Information Technology field of study)

    Must have CISSP, Security+, CEH, CCSK, AWS Architect certifications. Professional certifications such as CISA, CISM, CAP, CASP, CISO, CCFE are nice to have.

    Expertise with Cloud Platform (AWS and Microsoft Azure) with AWS/Cloud related Certification

    Expertise in serverless technologies, including containers and orchestration (Docker, Kubernetes, AWS Container service, etc.).

    5 years’ experience with databases such as MS SQL, MySQL, PostgreSQL, Oracle, MongoDB, RDS, etc.

    Thorough understanding of CDM for application security vulnerabilities and mitigation.

    Experience evaluating ATO security documentation and templates, including but not limited to SSPs, POAMs, Contingency Plans, Scoping templates

    5 years’ experience performing application security assessments and penetration testing using manual techniques plus dynamic vulnerability testing tools (including Nessus, WebInspect, and Burp Suite, web proxies, scanners) and static code review tools to identify exploitable vulnerabilities, including testing techniques used to exploit vulnerabilities in the OWASP Top Ten lists. 

    5 years’ experience in various system administrator/engineering tasks on Windows and Linux operating systems. 

    Experience with tools like Snort, PowerShell, Python, forensic tools, IDS, IPS, Splunk and Snowflake

    In-depth knowledge of common server applications such as IIS, Apache, LDAP, Tomcat, ssh

    In-depth knowledge of common network protocols such as HTTP/HTTPS, TCP/IP, UDP

    Ability to obtain Public Trust clearance


AAP/EEO Statement 

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our customers a competitive edge, now and into the future.


This job has expired.