Cyber Security/Incident Response/Web Risk Analyst (Government)
What are you dreaming of doing with your career?
Candidate must have a minimum of five (5) years of experience in providing highly technical subject matter expertise (SME) and expert guidance to government personnel in the execution of WRA operations or penetration testing and demonstrated experience in at least five of the following areas:
- Research various cyber actors’ TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into penetration tests or web risk assessment operations
- Demonstrated expertise with website scanning and exploitation tools such as HP WebInspect, Accunetix, Burp Suite, Core Impact, etc.
- Exploitation of vulnerabilities associated with most common operating web hosting platforms (IIS, Apache, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.)
- Demonstrated experience performing manual vulnerability testing of web application to include the OWASP Top 10
- Understanding of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX
- Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
- Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
- Development, modification, and utilization of network enumeration engines and Open Source Research (OSR) engines (i.e. Recon-ng, nmap, nessus)
- Plan and execute technical cyber assessments or penetration tests
- Development and utilization of testing methodology for cloud-based and networked systems
- Modification, testing and utilization of computer network attack and exploitation tools
- Operational Risk Management (ORM) concepts and application
Required Clearance: TS/SCI (MANDATORY Current Active or will not qualify
Desired: The following qualifications are desired, but not required:
- Design, build, and implement software, Cyber assessment tools, information assurance products, or computer security applications.
- Write software/scripts in any of the following computer programming languages (C/C++, Ruby on Rails, Python, and Perl)
- Computer network or system design and implementation
AT&T is an Affirmative Action/Equal Opportunity Employer and we are co
We’re using our network, labs, products, services and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation?
Our people, and their passion to succeed, are at the heart of what we do. Today, we’re poised to connect millions of people with their world, delivering the human benefits of technology in ways that defy the imaginable.
Wireless Services, U-Verse, Enterprise Applications & Managed Hosting Solutions
Company Type: Public Company
Company Size: 10,001+