Address
Form of workJob Description
Job Summary
This project provides defensive cyberspace operations (DCO) support to Defensive Cyberspace Operations Division (DCOD), US Army Regional Cyber Center-Korea. Under limited supervision, the Assessment Analyst will plan, coordinate, integrate, synchronize, direct, and conduct Cyber Defense Operations to detect, deter, disrupt, and deny adversary activities in order to protect and defend the DoD Information Network – Army (DoDIN-A). You will contribute to the development of policies, processes, and architectures to enhance execution of cyberspace operations in support of full spectrum missions. You will direct the execution of Computer Defense Assistance Program (CDAP) missions, to include Persistent Presence, Penetration Testing, Network Damage Assessments, Network Assistance Visits, and Cyber Security Service Provider (CSSP) assessments of subscriber networks. You will participate in the Risk Management Framework (RMF) accreditation process. You will contribute to re-accreditation efforts for classified and unclassified Army networks in Korea. You will provide technical evaluations and solutions to ensure supported systems are Information Assurance (IA) compliant. You will assess risks to information systems and networks from attack or intrusion. This position is located in Pyeongtaek, South Korea.
Responsibilities
· Participate in the execution of required and requested Computer Defense Assistance Program missions in support of Cyber Security Service Provider (CSSP) requirements.
· Plan, assess, test, analyze, and report information on security vulnerabilities and possible exploitations present in a variety of complex and secure computer systems.
· Prepare, participate and/or present briefings to senior management officials in conferences and workshops where security related issues are discussed.
· Review design documentation, vendor self-assessments, network protocols, and software code for system vulnerabilities.
· Review new policies and initiatives by local authorities, Department of Defense (DoD), US Cyber Command, Department of the Army (DA), Army Cyber Command (ARCYBER), NETCOM, and various agencies.
· Ensure timely delivery and accuracy of AR 380-53 related products.
· Review design documentation, vendor self-assessments, network protocols, and software code for system vulnerabilities.
· Provide technical information system security testing in support of the appropriate security risk management processes using security assessment and technical testing efforts, including in-depth network and application vulnerability testing for automated and manual testing and demonstrable false positive validation.
· Develop documentation in support of testing efforts, including test plans, preliminary findings reports, security assessment reports, and other test artifacts, as required by the customer.
· Work with commercial and government open source vulnerability assessment tools and techniques used for evaluating operating systems, databases, and Web applications.
Skills/Abilities
· Positive attitude (required)
· Strong analytical, conceptual, and problem-solving abilities
· Strong written and oral communication skills
· Proven ability to prioritize and execute tasks in a high-pressure environment
· Proven ability to work in a team-oriented, collaborative environment with both technical and non-technical team members
· Attentive to detail with a focus on accurate results
· Ability to thrive in a foreign country
Requirements
· 3+ years of experience with security, including penetration testing and vulnerability assessments
· Experience with vulnerability analysis.
· Knowledge of UNIX, Linux and Microsoft Windows operating systems, TCP/IP protocol stack, and networking tools
· Knowledge of any of the following programming languages: Visual BASIC, C++, WMI, Assembly, JAVA, Python, Ruby, etc…
· Knowledge of security tools and products, including Fortify, AppScan, Nessus, Nmap, or Netcat
· Knowledge of the Metasploit framework or similar security tools
· TS/SCI clearance
· HS diploma or GED
· DoD 8570 IAT Level III Certification and CND Duty Role Certification, such as GPEN or CEH
· Must be a US Citizen
