Vulnerability Assessment Analyst - (Risk Management)
Full Time
Springfield, VA
Posted
Job description
Overview:
Security Clearance required: Active TS with SCI Eligibility, an active TS/SCI with CI Poly preferred. Candidate must be able to obtain CI Poly
Education:
Desired degree in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering degree, Mathematics or an Engineering field.
Required Certifications:
Why Castalia?
Castalia provides a positive and rewarding work environment. We make sure our employees feel valued and the ability to balance quality work with their personal lives. We offer a generous benefits package that includes medical, dental and vision coverage, 401k matching with day 1 vesting, PTO, and paid holidays, paid life insurance, AD&D, and long/short-term disability, professional training, and much more!
Castalia is an equal employment opportunity and affirmative action employer and strives to comply with all applicable laws prohibiting discrimination based on race, color, creed, sex, sexual orientation, age, national origin, or ancestry, physical or mental disability, veteran status, marital status, HIV-positive status, as well as any other category protected by federal, state, or local laws. All such discrimination is unlawful, and all persons involved in the operations of the company are prohibited from engaging in this type of conduct.
Castalia Systems is looking for an active, TS/SCI cleared Vulnerability Assessment Analyst (VAA) to perform assessments of systems and networks. The VAA will directly support the risk management and A&A process. Their role to identify where systems and networks deviate from acceptable configurations, enclave policy, or local policy is critical to the successful mission of securing a large infrastructure. This person will measure the effectiveness of complete defense-in-depth architecture and implementation for multiple programs and systems against known and emerging vulnerabilities, helping to shed light on weak areas and providing actionable results to security and engineering teams to improve the overall security posture.
Security Clearance required: Active TS with SCI Eligibility, an active TS/SCI with CI Poly preferred. Candidate must be able to obtain CI Poly
Location: Springfield, VA
Responsibilities for this position include but are not limited to:
- Conduct technical reviews and analysis of systems and networks within specific environments
- Conduct and/or support authorized penetration testing on enterprise network assets.
- Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
- Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
- Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Knowledgeable and demonstratable skills:
- Conducting vulnerability scans and recognizing vulnerabilities in security systems.
- Computer networking concepts and protocols, and network security methodologies and how they apply to cyber threats and vulnerabilities.
- Risk management processes (e.g., methods for assessing and mitigating risk)
- How traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Access control mechanisms and security models
- Familiar of programming languages and scripts
- System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Different classes of cyber-attacks and stages and how to mimic threat behaviors.
- Concepts and ability to use multiple operating systems (eg, Unix/Linux, IOS, Android, MacOS and Windows)
- Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
- Use penetration testing tools, social engineering techniques, and network analysis tools
Education:
Bachelor’s degree or higher from an accredited college or university.
Desired degree in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering degree, Mathematics or an Engineering field.
Required Certifications:
Candidate must have a current DoD 8570 IAT Level 2 certification
Desired
Certifications: CFR, Cloud+, CySA+, GCED, GICSP or PenTest+
Why Castalia?
Castalia provides a positive and rewarding work environment. We make sure our employees feel valued and the ability to balance quality work with their personal lives. We offer a generous benefits package that includes medical, dental and vision coverage, 401k matching with day 1 vesting, PTO, and paid holidays, paid life insurance, AD&D, and long/short-term disability, professional training, and much more!
Castalia is an equal employment opportunity and affirmative action employer and strives to comply with all applicable laws prohibiting discrimination based on race, color, creed, sex, sexual orientation, age, national origin, or ancestry, physical or mental disability, veteran status, marital status, HIV-positive status, as well as any other category protected by federal, state, or local laws. All such discrimination is unlawful, and all persons involved in the operations of the company are prohibited from engaging in this type of conduct.
jackharris.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, jackharris.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, jackharris.com is the ideal place to find your next job.