Engility delivers innovative solutions to critical challenges facing the nation and the world. As a premier provider of integrated services for the U.S. government, we support the Department of Defense, intelligence community, space communities, federal civilian agencies and international customers. Engility is dedicated to making lives better, safer and more secure.
The candidate will be responsible for conducting database vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately “tell the story” of how a vulnerability was exploited and what the overall impact would be to particular hosts or networks.
More specifically, the candidate will:
- Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and databases (i.e., MySQL, MSSQL, Oracle, Sybase, etc.); support similar functions when tasked to support Cyber Protection Team activities.
- Demonstrated ability to methodically analyze problems and identify potential solutions.
- Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.
- Analyze and evaluate database schemas and current or proposed configurations to discern weaknesses for exploitation; document and transition results in reports, presentations and technical exchanges.
- Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
- Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments.
- Possess good writing and communications skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.
- Travel up to 25% with trips encompassing 1-3 weeks in duration.
Must possess an active Secret security clearance and be able to obtain a TS/SCI security clearance.
Must possess or be willing to obtain an IAT Level III certification: CISSP (or Associate), CASP, CISA, GCED, GCIH, or CCNP-Security.
- Must possess or being willing to obtain a database certification (e.g., OCP, CMDBA, MSDBA, MS SQL Server, etc.), MCSA and UNIX/Linux certifications within 6 months upon arrival on site
- Minimum Bachelor’s degree and 2 years experience, Associates degree with 4 years experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science.
- Database administrator experience (Oracle, MS SQL Server, MySQL, etc.) (5 years).
- System administrator experience (Windows, UNIX) (5 years).
- Hands on experience with and knowledge of SQL (5 years).
- Experience in working with and in a network systems security environment with a focus on database administration and security (5 years).
- Networking and web application knowledge and experience.
- Must complete customer pre-screen, skills assessment lab, pass customer training and certification program and remain mission ready qualified.
- Self-motivated with minimal supervision.
- Analytical with the ability to understand and implement customer objectives.
- Familiarity with DISA STIGs and experience in conducting DoD vulnerability and compliance assessments.
- Experience or familiarity with military operations highly desirable.