Search Open/Close
Open/Close Header Details
Search
Tuesday, September 21, 2021

PP - Penetration Testing/Vulnerability Assessment Specialist – Senior

Penetration Testing Vulnerability Assessment Specialist - Senior

 

Clearance: US Citizen with TS/SCI with Poly

Apply for this position:  Send a Microsoft Word copy of your resume to: HR@zavda.com

 

Job Description:

Zavda was founded in 2006 and is an SDB certified, Service-Disabled Veteran Owned, and Woman-owned small business that offers leading IT management, Intel, and Cyber opportunities in both the private and public sectors.  Zavda is looking for a Penetration Testing Vulnerability Assessment Specialist to perform assessments of systems and networks to determine the effectiveness of defense-in-depth architecture against known vulnerabilities based on DoD and IC policies, as well as industry best practices. Reviews and evaluates vulnerability scans, reports, or other IT/IS artifacts to identify systemic security issues and areas of weakness within a given DoD enclave, system, or enterprise. Works with stakeholders and system security engineers to effectively communicate the risks of identified vulnerabilities. Assists with remediation solutions of identified security vulnerabilities based on DoD, IC, and Federal policies, standards, and industry best practices. Identifies vulnerabilities of and attacks to the design and operation of a system (H/W, S/W, ICS/SCADA/IOT, personnel, procedures, logistics, and physical security) by relating vulnerabilities and attacks to effects on operations and missions supported by those systems. Compares and contrasts various system attack techniques and develops operationally effective countermeasures. Produces formal and informal reports, briefings, and perspectives of actual and potential attacks against the systems or missions being studied.

 

Required:

  • Analyze organization's cyber defense policies and configurations and evaluate compliance with DoD regulations and organizational directives
  • Perform information system security vulnerability scanning to discover and analyze vulnerabilities to support the characterization of risks to networks, operating systems, applications, databases, and other information system components
  • Perform analysis on SCADA and Control Systems devises
  • Perform malicious code analysis
  • Perform analysis on network security devices
  • Conduct reverse engineering
  • Conduct network operating systems and network data/traffic analysis
  • Evaluate compliance scans and reports to analyze configurations
  • Facilitate audit reviews of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
  • Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)
  • Share meaningful insight about the context of an organization's threat environment that improve its risk management posture
  • Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
  • Communicate, both verbally and written, security and compliance issues in an effective and appropriate manner
  • Recommend appropriate remedial actions to mitigate risks and ensure information systems employ the appropriate level of information security controls
  • Validate remedial actions and ensure compliance with information security policy and regulatory requirements
  • Maintain proficiency in threat and vulnerability management best practices
  • Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions

Education / Experience:

  • B.S. in Computer Science or related field + 10 years Vulnerability Analyst experience -OR-
  • H.S. + 14 years
  • Must have experience with Infrastructure Control Systems/Supervisory Control and Data Acquisition/Internet of Things (ICS/SCADA/IOT) devices and software
  • Must have IASAE Level 2 cert - CASP+, CISSP, CSSLP
  • Must have at least one of the following: IACRB Certified Expert Penetration Tester, Offensive Security Certified Professional, Offensive Security Certified Expert

Job Location:

  • Fort Meade, MD

Zavda is a small business and an equal opportunity employer- Veteran/Female/Minorities/Individual with Disabilities.  With Zavda you have the opportunity to provide dependable solutions and support that with benefit the national security missions.  Zavda prides itself to providing continual professional growth and success for the Zavda Team.

Back To Top