Search Open/Close
Open/Close Header Details
Search
Saturday, June 19, 2021

PP - Penetration Testing/Vulnerability Assessment Specialist – Level 3

Penetration Testing/Vulnerability Assessment Specialist – Level 3
 
Clearance: TS/SCI w/ Polygraph

Apply for this position:
Send a Microsoft Word copy of your resume to: HR@zavda.com

Job Description:
Zavda was founded in 2006 and is a SDB certified, Service Disabled Veteran owned, and Woman owned small business that offers leading IT management, Intel, and Cyber opportunities in both the private and public sector.  Zavda is looking for a Penetration Testing/Vulnerability Assessment Specialist – Level 3 who will perform assessments of systems and networks to determine the effectiveness of defense-in-depth architecture against known vulnerabilities based on DoD and IC policies, as well as industry best practices. Reviews and evaluates vulnerability scans, reports, or other IT/IS artifacts to identify systemic security issues and areas of weakness within a given DoD enclave, system, or enterprise. Works with stakeholders and system security engineers to effectively communicate the risks of identified vulnerabilities. Assists with remediation solutions of identified security vulnerabilities based on DoD, IC, and Federal policies, standards, and industry best practices. Identifies vulnerabilities of and attacks to the design and operation of a system (H/W, S/W, ICS/SCADNIOT, personnel, procedures, logistics, and physical security) by relating vulnerabilities and attacks to effects on operations and missions supported by those systems. Compares and contrasts various system attack techniques and develops operationally effective countermeasures. Produces formal and informal reports, briefings, and perspectives of actual and potential attacks against the systems or missions being studied.
 
Required: Responsibilities include, but are not limited to:

  • Analyze organization's cyber defense policies and configurations and evaluate compliance with DoD regulations and organizational directives
  • Perform information system security vulnerability scanning to discover and analyze vulnerabilities to support the characterization of risks to networks, operating systems, applications, databases, and other information system components
  • Perform analysis on SCADA and Control Systems devises
  • Perform malicious code analysis
  • Perform analysis on network security devices
  • Conduct reverse engineering
  • Conduct network operating systems and network data/traffic analysis
  • Evaluate compliance scans and reports to analyze configurations 
  • Facilitate audit reviews of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components 
  • Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications) 
  • Share meaningful insight about the context of an organization's threat environment that improve its risk management posture 
  • Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
  • Communicate, both verbally and written, security and compliance issues in an effective and appropriate manner
  • Recommend appropriate remedial actions to mitigate risks and ensure information systems employ the appropriate level of information security controls
  • Validate remedial actions and ensure compliance with information security policy and regulatory requirements
  • Maintain proficiency in threat and vulnerability management best practices 
  • Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions 
  • Skill Level 2 Qualifications -Ten (10) years of experience as a Vulnerability Assessment Analyst on programs and contracts of similar scope, type, and complexity within the Federal Government is required. Bachelor's Degree in Computer Science, Information Technology, Information Assurance, Cybersecurity, or related discipline from an accredited college or university is required. Four (4) additional years of Vulnerability Assessment Analyst experience may be substituted for a Bachelor's Degree. DoD 8570 compliance with lASAE Level 2 is required

Education/Experience:

  • Ten (10) years' experience as a Vulnerability Assessment Analyst on programs and contracts of similar scope, type, and complexity. DoD 8570 compliance with lASAE Level 2 is required
  • A Bachelor's Degree in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Computer Forensics, Cyber Security, Information Technology, Information Assurance, and Information Security). Relevant experience must be in computer or information systems design/development, programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, and/or systems engineering. Four (4) additional years of Vulnerability Assessment Analyst experience may be substituted for a Bachelor's Degree
  • Must have experience with Infrastructure Control Systems/Supervisory Control and Data Acquisition/Internet of Things (ICS/SCADA/IOT) devices and software
  • One of the following certifications: IACRB Certified Expert Penetration Tester, Offensive Security Certified Professional, or Offensive Security Certified Expert

Job Location:

  • Ft. Meade, MD

Zavda is a small business and an equal opportunity employer- Veteran/Female/Minorities/Individual with Disabilities.  With Zavda you have the opportunity to provide dependable solutions and support that with benefit the national security missions.  Zavda prides itself to providing continual professional growth and success for the Zavda Team.
 
 

Back To Top