Members of the Cybersecurity team support our work on assessment and authorization (A&A) of critical systems, detection of adversary behavior, and improving the defensive posture of our customer's information systems. The successful candidate will use various tools and methodologies to evaluate the state of systems and applications for vulnerabilities, verify protection against adversary intent, and evaluate cyber security processes to protect and defend against our adversaries.
Requirements
Required
- Demonstrated experience analyzing IT systems for cyber security vulnerabilities.
- Demonstrated experience developing IT system or network architecture design, conducting IP data flow analysis, encryption configuration, and vulnerability analysis using both open-source and commercial tools, such as Nmap, Wireshark, Metasploit, Canvas, Kismet, or BackTrack.
- Demonstrated experience analyzing IT network configurations of devices such as firewalls, routers, switches, VPNs, or Intrusion Detection/Prevention Systems for cyber security vulnerabilities.
- Demonstrated experience with communications protocols such as IP, TCP, UDP, HTTP, HTTPS, MPLS, OSPF, IGRP, BGP, SIP, H.232.
- Demonstrated experience with multiple OS’s, including Windows, Linux, and OSX.
- Demonstrated experience with Microsoft Windows ver.; 7, 8, 10, 2008R2, 2012, 2012R2, or 2016.
- Demonstrated experience with cloud computing technology and hypervisors such as HyperV, VMWare ESX, or Virtual Box.
- Demonstrated experience with transitioning security domains and use of cross domain appliances.
- Demonstrated experience with network management systems, network storage, backup systems, and disaster recovery (DR) architectures.
- Demonstrated experience performing technical risk assessments and providing technical risk mitigation guidance.
- Demonstrated experience ensuring appropriate risk mitigation considerations, risks and vulnerabilities are well understood and appropriately mitigated.
- Demonstrated experience analyzing procurement processes of hardware, software and services to comply with cyber security and operational needs.
- Demonstrated experience creating concise and well-structured written assessments.
- Certifications: CISSP Certification.
Desired experience:
- Demonstrated experience with the Sponsor’s IT review boards.
- Demonstrated experience with providing recommendations to IT architecture and design reviews.
- Demonstrated experience with the Sponsor’s security policies and regulations.
- Demonstrated experience providing recommendations in technical standards, security standards, and operational assurance.
- Demonstrated experience with USG standards such as Intelligence Community Directive (ICD) 503, Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-60.
- Certifications: Certified Information Security Manager (CISM), Certified Ethical Hacker.