The right candidate will possess the below skills and qualifications and be ready to handle all responsibilities independently and professionally.
- Experienced in administering and operating Assured Compliance Assessment Solution (ACAS) vulnerability assessment tool
- Demonstrates an ability and passion to learn new technologies and IT skills
- Proficiency navigating the Linux CLI and writing scripts to automate tasks is a plus
- Operates in multiple classified environments daily.
- Acts as a subject matter expert on organizational Cybersecurity (CS) vulnerability assessment tools and enforce those CS policy and Standard Operating Procedures.
- Maintains IAVA/B, TASKORD, CTO compliance; must be knowledgeable of known vulnerabilities from alerts, advisories, errata, and bulletins.
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
- Collects succinct accurate artifacts to support Directives, Policies, and SOPs established to make decisions for Risk Management (i.e. develops Security Assessment Reports)
- Reconciles customer requirements within acceptable risks determined by DOD policies, command policies and generally accepted practices.
- Makes recommendations for tools and processes to improve organization initiatives.
- Knowledge of Risk Management Framework (RMF) requirements
- Responds to daily inquiries via email, phone, or in-person from organization members
- Demonstrates appropriate discretion when handling classified/sensitive information
- Skills in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Knowledge of new and emerging information technology (IT) and information security technologies
- Knowledge of system lifecycle management principles, including software security and usability
- Conducts continuous analysis to identify network and system vulnerabilities
- Knowledge of system and application security threats and vulnerabilities (e.g., Injection Attacks, XSS, CSRF, Security Misconfigurations, IDOR, etc )
- Prepares audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
- Knowledge of server administration and systems engineering theories, concepts, and methods
- Administers, operates, and maintains multiple vulnerability management servers/applications
Degree and Years of Experience: B.S. or M.S. in Computer Science, Information Security, Mathematics, or IT related field
- 7 years’ experience in Cybersecurity (Information Assurance) compliance and vulnerability testing
Required Certifications:
- 8570 IAT III certification
- 8570 CSSP Infrastructure Support certification (or ability to obtain with 4 months of hire)
- Experience with COTS/GOTS/DOD CS Tools for security analysis and network scanning
- Vulnerability tool administration and execution
- Proficient with MS Office products
- Exceptional organizational, presentation and communication skills (verbal and written)
- Excellent listening and comprehension skills. Ability to extract and clearly articulate key concepts and requirements from verbal discussions, documentation and transcripts
- Familiar with handling and marking of classified information
- Familiarity with Security policies governing the storage of, access to, and transmittal, of classified information
- Must be self-starter, self-managed, responsive and dedicated, with a proven track record of exceptional performance, high productivity and meeting deadlines.
- Must have customer service and team player skills
- Must maintain high levels of initiative and think outside the box
- Able to develop innovative methods to solve challenging problems with available manpower and tools
- Flexible, able to maintain a positive attitude in a fast-paced constantly changing environment
- Ability to work cooperatively and proactively with personnel at various levels within the organization
- Linux CLI proficiency
- Ability to write scripts to automate tasks in a Linux environment
- Application security
- Software programming experience
Please review our current job openings and apply for the positions you believe may be a fit. If you are not an immediate fit, we will also keep your resume in our database for future opportunities.