• Bachelor's degree in Computer Science, Engineering, Sciences, Mathematics (or related disciplines).
• 8+ years of security architecture experience.
• Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SIEMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
• Strong understanding of information system security vulnerability assessment/testing on a wide variety of technologies and implementations utilizing both automated tools and manual techniques such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
• Significant hands-on experience with manual web application assessment and penetration testing methods related to web application mapping, reviewing client-side controls, testing user-input fields, and attacking session management, authentication, access controls, encryption, and backend databases/data stores.
• Knowledge of securing cloud-based systems (AWS, Azure, private clouds, etc.).
• In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
• Proven ability to clearly document and communicate security findings, risk description, risk level, and recommended solutions to stakeholders.
• Industry information security certifications: OSCP/OSCE/OSWE, GPEN, GWAPT, CEH, CISSP.
• Experience performing static code analysis with tools such as HP Fortify, Veracode, or IBM AppScan Source.
• Good understanding of the components of a secure SDLC.
• Understanding of networking and operating systems such as Linux and Windows.
• Demonstrated knowledge of security industry standards and best practices such as OWASP and NIST.
• Excellent interpersonal, analytical and problem-solving skills.
• Proven ability to manage multiple tasks/projects.
• GCIH, GCTI, CISSP, CEH, or other relevant certification preferred
• Experience with and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
• Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
• Experience with Nessus, Metasploit, Burp Suite Pro, Kali Linux tools, programming / scripting exposure (Python, Perl, C, Bash, PHP, Node)
AIR Assessment is one of America’s leading K-12 educational assessment entities, currently holding prime contracts for educational testing and scoring in many states. AIR Assessment is a national leader in computer-based adaptive assessments, a market that is rapidly growing. We focus on providing our clients with customized assessments that not only measure student achievement against state standards, but also provide meaningful score reports that can help students, parents, and educators address any areas of student weakness. Our environment is fast-paced and requires people at all levels who are willing to roll up their sleeves to get the work done on time while maintaining high quality. As a part of AIR, a not-for-profit organization, we are more than 1,900 people working to improve lives in communities domestically and around the world. Our mission calls for us to turn the best research into practice, which we do in every arena in which we work.