
Security Test Lead Engineer

Information Technology | Lanham, MD | Contract


Job Description: Security Test Lead Engineer

Position Type: Contract

Location: Lanham, MD, USA


Overview:

We are seeking a skilled Security Test Lead Engineer to oversee and manage security testing initiatives for federal systems, ensuring compliance with government regulations and standards. The role requires an experienced professional capable of designing, implementing, and leading security testing strategies while working collaboratively with cross-functional teams.


Responsibilities

Security Testing Leadership

  • Lead the design and execution of security testing strategies, including vulnerability assessments, penetration testing, and security controls evaluation.

  • Develop and manage detailed security test plans and scripts aligned with federal security requirements (e.g., FISMA, NIST 800-53).

  • Oversee the implementation of automated security testing tools and frameworks.

  • Coordinate security testing activities across development, QA, and security teams.


Risk Assessment and Compliance

  • Perform security risk assessments to identify vulnerabilities and recommend mitigation strategies.

  • Ensure all testing aligns with compliance mandates such as FISMA, FedRAMP, and other federal guidelines.

  • Validate that security controls are functioning as intended and adequately protect system assets.

Collaboration and Communication

  • Work closely with system architects, developers, and security teams to identify and resolve security issues.

  • Provide detailed technical reports on vulnerabilities, risks, and testing outcomes.

  • Present findings and mitigation strategies to federal stakeholders and management teams.

Tool Implementation and Optimization

  • Deploy and manage security testing tools, such as OWASP ZAP, Nessus, Burp Suite, or similar.

  • Continuously evaluate and recommend new tools or methodologies to enhance testing capabilities.

Training and Mentorship

  • Provide guidance and mentorship to junior testers and engineers on security testing best practices.

  • Deliver training sessions on security awareness and testing methodologies to team members.

Incident Response Support

  • Assist in analyzing and responding to security incidents, using test results to improve incident response plans.

  • Support post-incident reviews to refine testing processes and identify future security needs.

Documentation and Reporting

  • Maintain accurate records of testing activities, including test cases, test results, and remediation plans.

  • Prepare comprehensive reports for audits, compliance reviews, and risk assessments.

Qualifications

Education and Experience

  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).

  • 7+ years of experience in security testing, including penetration testing and vulnerability assessments.

  • 3+ years of experience leading security testing teams or projects.

Technical Skills

  • Proficient in security testing tools such as Nessus, Metasploit, Burp Suite, OWASP ZAP, and Wireshark.

  • Strong knowledge of federal security standards (e.g., NIST 800-53, FISMA, FedRAMP).

  • Experience with cloud security testing (e.g., AWS, Azure, GCP) and containerized environments.

  • Solid understanding of encryption protocols, authentication mechanisms, and secure coding practices.

Soft Skills

  • Strong analytical and problem-solving skills.

  • Excellent communication and interpersonal abilities to interact with technical and non-technical stakeholders.

  • Leadership skills to effectively manage and inspire security testing teams.

Certifications (Preferred)

  • Certified Information Systems Security Professional (CISSP)

  • Certified Ethical Hacker (CEH)

  • Offensive Security Certified Professional (OSCP)

  • GIAC Security Essentials Certification (GSEC)

Why Join Us:

  • Opportunity to work on critical federal projects that safeguard national security.

  • Collaborate with talented teams in a mission-driven environment.

  • Access to professional development and growth opportunities in the cybersecurity domain.