Vulnerability Assessment Analyst

CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation Company is seeking a Vulnerability Assessment Analyst (Mid-level) that will perform assessments of systems and networks within a Government enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The analyst will measure the effectiveness of defense-in-depth architecture against known vulnerabilities.

The Vulnerability Assessment Analyst’s responsibilities include, but are not limited to, the following:

• Analyze the organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and Vulnerability Assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information systems and processes).

• Conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Assessing the robustness of security systems and designs.
• Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
• Mimicking threat behaviors.
• Use of penetration testing tools and techniques. (e.g., Burp suite, Metasploit, Wireshark, Kali Linux).
• Use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Using network analysis tools to identify vulnerabilities. (e.g., Nessus, Verodin).
• Reviewing logs to identify evidence of past intrusions.
• Conducting application Vulnerability Assessments.
• Performing impact/risk assessments.
• Developing insights about the context of an organization’s threat environment
• Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Desired skills: the Vulnerability Assessment Analyst should have the ability to:

• Identify systemic security issues based on the analysis of vulnerability and configuration data.
• Apply programming language structures (e.g., source code review) and logic.
• Share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

• US citizen
• Active Top Secret/Sensitive Compartmented Information (TS/SCI) clearance, eligible for Counterintelligence (CI) Polygraph.
• IAT Level 2 certification (e.g., CySA+, GSEC, Security+ CE) and two Penetration Testing Certifications (e.g., GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT).
• Bachelor’s degree or higher from an accredited college or university in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
• Possible travel within the Continental United States (CONUS) and Outside CONUS (OCONUS).