IT Security Specialist​/ago

IT Security Specialist (Cybersecurity/Info Sec Engineering) - Arlington, VA About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace.

The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit  to learn how we're keeping people around the world safe and secure.

Peraton is currently seeking skilled and qualified candidates for our IT Security Specialist position supporting the US OIG Postal Service in Arlington, VA. The IT Security Specialist is responsible for the application security function and for information technology security (Cybersecurity/Info Sec) engineering and design, serving as a technical expert authority. The OIG's information resources are sensitive assets and are critical in the performance of its mission;

therefore, information security services help safeguard the information resources entrusted to the OIG.

• Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information.
• Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting.
• Administer cloud-based security tools such as Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager);
  Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal);
  Microsoft Security and Compliance Center;
  Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
• Manage security incident detection, response, and remediation.
• Conduct cyber threat and vulnerability analysis and remediation.
• Develop security metrics and manage reporting and compliance.
• Serve as Incident Response Team member.
• Support operational implementation of FISMA/NIST standards and industry best practices.
• Operate cloud-based security tools such as Azure Security Center.

• Bachelor's degree in cybersecurity/information technology or related field with 5+ years' experience.
• Ability to obtain and maintain a Public Trust security clearance.
• U.S. Citizenship with no more than six months outside travel of the U.S. during this time frame and must have resided in the U.S. the past five years.
• Must have hands-on experience with Static and Dynamic Application Security Testing (SAST/DAST) using tools like HP Fortify, HP Web Inspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode.
• Must have specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices.
• Must have specialized experience in manual code review with the ability to identify potential vulnerabilities and best coding practices.
• Must have specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, Dir Buster, Kali Linux, Metasploit Pro, Accunetix, Insight App Sec, Git Lab, Coverity, Fortify, and Git Hub Enterprise.
• Must have specialized experience in assessing application vulnerabilities and bugs in various applications.
• Must have specialized experience creating security testing pipelines and test plans.
• Must have specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments.
• Must have knowledge of coding languages such as Java, .NET, Python, PHP, C++, C#.
• Must have extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts.
• Currently Industry Certifications in one or more of the following (or equivalent):
  • Certified Secure Software Lifecyle Professional (CSSLP)
  • Certified Cloud Security Professional (CCSP)
  • Offensive Security Certified Professional (OSCP)
  • EC-Council Certified Application Security Engineer (CASE)
  • GIAC Certified Web Application Defender (GWEB)
  • Azure Developer Associate

• Master's degree in cybersecurity or related field.

Target Salary Range: $104,000 - $166,000. This represents the…