Your excellent technical skills will assist in identifying risk to enterprise systems across a broad spectrum of technologies and processes. Your responsibilities will also include elements of physical and environmental protection, penetration testing, incident handling, and security training and awareness. In close coordination with the rest of the security team, you will play an active role in defending the enterprise.
Candidates must possess thorough understanding of Windows & Linux operating systems, cloud platforms, contemporary networking, penetration testing, and cybersecurity tools, techniques, and tactics.
- Prepare, document, and test national security systems and organizations using adversary tools and techniques to identify system vulnerabilities.
- Conduct vulnerability analysis and penetration testing as directed.
- Assist in security investigations and responses as necessary
- Researches threats and vulnerabilities and provides mitigation and remediation recommendations
- Document the results of field inspections and tests, support the development of resulting plan of actions & milestones (POA&M).
- Research evaluate new security technologies and countermeasures
- Improve operations by conducting functional and systems analyses and recommending changes in policies and procedures
- Prepare system implementers for successful assessments through cybersecurity advisement.
- Works with the customer to identify and implement security requirements, security best practices, and security controls
- Continuously review and evaluate best practices for implementing a comprehensive cybersecurity and monitoring program
- Provide cyber security technical expertise and analysis for new technologies and configurations.
- Provide written expert position and recommendations, packages, templates and guidance to gain approval for new or upgraded software
- Candidates must have extensive experience with risk assessment technologies and processes including understanding of the adequacy of implemented security features across a broad range of technologies.
- Must have demonstrated practical penetration testing / vulnerability exploitation experience
- Must have knowledge of host and network access control and auditing technologies and methods.
- Must have knowledge of application security and software vulnerabilities.
- Must have an understanding of incident response, configuration management, and defense in depth best practices.
- A background and some experience with RMF, NIST SP800-53, CNSSI, DCID 6/3, JSIG, and/or ICD 503. Knowledge of current authorization practices, particularly within the DoD and IC is necessary.
- Experience with security configuration related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems.
- Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusion via intrusion detection technologies
- A minimum of 6 years’ experience with information security and related security concerns including penetration testing and information system security assessments.
- Must have an active TS/SCI clearance with the U.S. Federal Government.