We are looking for a candidate with extensive experience in government Risk Management Frameworks (RMF) and cybersecurity threat, risk and vulnerability assessments, cybersecurity operations, forensics and networking, and solution architecture development for a Full-Time position in our Information Assurance (IA) and cybersecurity professional services and research group.
Candidate will perform independently and as part of a team to:
- develop Risk Management Frameworks (RMF) compliance packages for government agency services, network environments, operations and research projects,
- assess network architecture and host systems for effective security controls and configurations,
- perform vulnerability assessments, penetration testing and NIST-based risk assessments on client security programs, wired and wireless networks, devices, software systems and applications,
- perform system engineering and develop solution architectures to meet mission goals, business objectives, and applicable policies,
- participate in cybersecurity research and prototype software-based capabilities
The candidate must possess the following experience and skills.
- Proficiency in Risk Management Framework (RMF) and Assessment and Authorization (A&A) processes in accordance with cybersecurity best practices and NIST SP 800-53 R4, UFC 4-010-06, NIST SP 800-82 R2, UFGS 25-05-11, and AFGM 2019-32-01.
- Preparation of Authorization To Operate packages, coordinating Assessment and Authorization packages via Enterprise Mission Assurance Support Service (eMASS), and supporting acquisition documentation related to cybersecurity needs
- Controls-based assessments and the creation, review, and update of security artifacts and documentation such as CONOPs, System Security Plan (SSP), Plan of Action & Milestones (POA&M), Privacy Impact Assessment (PIA), privacy threshold analysis (PTA), Risk Management Frameworks (RMF), and categorizing systems to help government agencies achieve Authority to Test (ATT), Interim Authority to Operate (IATO), and Authority to Operate (ATO) projects
- Identification of in-scope systems for testing; develop requirements; define strategy; and determine evaluation criteria for testing outputs for the evaluation of OT and IT systems
- Use and develop tools and methods to determine vulnerabilities in system software, firmware, networks, and embedded systems to determine attack vectors and vulnerabilities.
- Conduct penetration testing to identify weaknesses to exploit system, software, network, and process vulnerabilities. Use vulnerability exploitation tools such as nmap, Metasploit, Wireshark, or similar and develop new tools to evaluate the risk of emerging vulnerabilities. Utilize programming and scripting languages native to Linux, UNIX, and Windows-based systems to facilitate the execution of penetration tests. Familiar with popular operating systems such as Windows and Linux/UNIX platforms, database platforms,
- Evaluate the results of Vulnerability Assessments and Penetration Tests and develop risk evaluations of IT and OT systems, classify vulnerabilities, assess the risk of vulnerability exploitation, and analyze risk for impact to customers mission, rank each risk for remediation prioritization and provide formal mitigation recommendations, and advise and support system owners.
- Perform system engineering and solution architecture design to integrate network and software systems.
- Basic proficiency in software development and scripting, such as:
- Python, Java, C/C++, SQL,
- Linux and Windows Operating Systems
- Web application development, XML, HTML
- Basic Cloud technologies
- Linux and Windows application development and scripting capabilities,
- Basic proficiency in one or more of the following security tools:
- JAVA Decompilers, Web proxies (Paros, Burp Suite Professional), Nessus, Burpe Suite, Nipper, Kali Linux, Nmap, Wireshark, Tcpdump, Scapy, Ghidra, OllyDbg, IDA Pro, and other tools
- Strong written and oral communication skills
- The candidate should be comfortable working in a dynamic environment:
- Working with a diverse set of new IT, OT, and IoT technology
- Supporting multiple projects and customers
- Acquiring knowledge and learning new subject matter areas
- Participating in research, prototyping, and development of cybersecurity software solutions
- Requires 8 to 10 years with BS/BA or 6 to 8 years with MS/MA or 3 to 5 years with Ph.D. Bachelors degree in Computer Science/Engineering, Electrical Engineering, or related technical field.
- (ISC)2 Certified Information Systems Security Professional (CISSP)
- Active Secret Clearance required.