Industry: Accounting, Finance & Insurance
Less than 5 years
Posted 166 days ago
Job Number: R0029586
Blue Team Security Assessment/Independent Verification and Vulnerability Engineer, Mid
Analyze cybersecurity foundational elements within DoD organizations to assess their ability to defend against, respond to, and recover from an attack, and validate agency implementation of technical controls, tools, and technologies as well as people, processes, and program maturity. Participate in the mission meetings required to document client requirements and contribute to the production of a mission Security Assessment Plan (SAP), including System Under Test (SUT) security control areas, mission timelines, communication plan, scope, and a testing plan for security control validation. Support Independent Verification and Validation (IV&V) assessment missions for DoD clients, using automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess vulnerabilities. Work collaboratively as part of a team to assess any device on the DoD enterprise backbone, including servers, workstations, network devices, storage devices (such as Fibre Channel, NAS, and storage controllers), applications (such as Web, database, e-mail, FTP, and SSH), and security devices (such as firewalls, IDS, and Web content filters). Assist with the development of a Security Assessment Final Report (SAFR) that summarizes the security assessment mission, identifies in the executive summary the high security risks, threats, and failures found during the mission, and provides a detailed findings section covering every finding with an overview, evidence, root cause analysis, and a recommended mitigation plan of action for each security issue. Support rapid assessments to perform ad hoc missions at the request of the client, including in-depth vulnerability assessments and validation of system security configurations, generating a Rapid Assessment Report (RAR) and concluding with a Rapid Assessment Final Report (RAFR).
Support application code review, performing automated scans and manual reviews, and scan newly deployed servers and applications in test and production environments to ensure vulnerabilities have been mitigated and systems are configured in accordance with DoD Security Technical Implementation Guides (STIGs).
-2+ years of experience with software testing and assessment or software security assurance (SSA)
-BA or BS degree
-DoD 8570 IAT II Certification, including CCNA-Security, CISP, GSEC, Security+ CE, or SSCP
-Technical or Administrator Certification in Linux+ within 6 months of start
-Experience with securing system configurations per DoD STIGs using STIG Viewer, SCAP Compliance Checker, and OpenSCAP
-Experience with auditing and reporting on network, system, and application security, scanning and detecting system vulnerabilities, performing risk analysis and risk assessment, and mitigating risks to systems security
-Experience in working with DoD STIGs
-Knowledge of DIACAP for GENSER systems, National Institute of Standards and Technology (NIST) SP 800-53 for unclassified systems, and DoDI 8500.01-DIACAP or RMF
-Ability to produce briefings and reports for senior-level audiences
-Ability to develop effective working relationships that improve the quality of work products
-Ability to handle competing priorities
-Possession of excellent organizational skills
-Possession of excellent oral and written technical communication skills
-Top Secret clearance
-BA or BS degree in CS, MIS, or a related technical field
-DoD 8570 IAT III Certification, including CASP CE, CISA, CISSP or Associate, GCED, GICSP, or GCIH
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.