Vulnerability Assessor - TS/SCI Required
The scope of the position includes security engineering, security assessment and testing, and information system security oversight activities that support complex systems from the perspective of sophisticated threat actors. Must be capable of understanding secure network design, security and operational requirements, the ability to think like a bad guy and develop actionable test plans based on both requirements and the systems as-built, and the ability to clearly communicate via technical writing. a holistic design/test/report/fix capability is necessary. A good understanding of modern network security practices is a must, as is the ability to come up with novel ways of getting around specific security-focused deployments of networks, hosts, and services.
The primary operating location is in Arlington, VA (Ballston).
- In this role, you will use your expertise in cybersecurity to ensure the success of this key program for InfoReliance. We are seeking an accomplished, creative and self-motivated individual who enjoys working within a dynamic growth-oriented environment.
- Candidates should have no less than a current full TS clearance to be considered. Does not currently require polygraph testing.
- Travel by air is required throughout the United States. Frequency is approximately once every three months for a period of one to two weeks.
Day-to-Day Responsibilities include:
- Utilizing leading COTs and custom security tools, assess systems for compliance and vulnerabilities
- Utilize knowledge of NIST 800-53 Rev 3&4 and CNSSI 1253 controls in assessments of system compliance
- Participate as a team member and lead assessment of systems
- Mentor junior team members
- Act as SME on systems built by Commercial Service Providers and accredited by the government
- Review and evaluation of Change Requests and POA&Ms and update status in appropriate database/tracker
- Participate and lead Technical Exchange Meeting in a government Program Management Office (PMO) SME support role
- Conduct on and off site vulnerability assessments
- Review and evaluate systems security documentation, software code, configuration files, SSPs, SecConOps for compliance and vulnerabilities.
- Leverage systems and networking skills to evaluate and exploit vulnerabilities from insider threat and external threat perspective
- Design review, security Control and vulnerability assessments.
- Security assessment and analysis, product evaluation, and countermeasure development
- Operation of these environments to include routine maintenance and administration of all hardware and software components
- Design and implementation of virtualized environments used to similar commercial service provider networks in support of security assessment planning and execution
- Implementation and operation of a classified lab used to conduct analysis of security assessment results and development of SAR/RAR deliverables as well as reference modeling for new network defense capabilities
- Participate in the design and implementation of reference models and security architectures for new countermeasures developed within our lab
- Bachelor’s Degree in an Information Technology related field and/or applicable equivalent work experience
- Minimum of seven (7) years of progressive experience implementing, maintaining, and operating network technologies and servers
- Expertise and proficiency in operating common, enterprise grade technologies from major vendors (Cisco, Juniper, Palo Alto, FireEye, HP, Dell, VMware etc.)
- Expertise and proficiency in administering operating systems (including Windows, Linux, Unix, and VMware), layer 2/3 network technologies (routers, switches, appliances, and firewalls), and computer hardware
- Familiarity with federal information security standards (NIST SP 800-53rev 3&4, FedRAMP, CNNSI 1253, etc.) and practical experience implementing solutions that comply with these standards
- Ability to multi-task in a deadline oriented environment
- Demonstrated ability to work well independently with little input, and as a part of a team
- Excellent work ethic and a high commitment to quality
Additionally, this position requires the following:
- Final Top Secret clearance with eligibility for SCI access is required to support the contract
- Must successfully complete the government’s security process and receive DHS Suitability
Desired Skills :
- Strong ability to work in a team environment as well as independently
- Possesses the ability to work with diverse, integrated, deliverable-driven teams to accomplish the larger mission
- Must demonstrate strong personal initiative
- Have a strong desire to grow technically and professionally
- Have an outstanding attitude and a desire to ensure customer success.
- Experience in working on a cross-functional team
Cloudburst Security is a Women Owned Small Business (WOSB) dedicated to protecting U.S. government networks and infrastructure. We consider our culture to be among one of our strongest assets. Employees have direct access to management and ownership, making relationships among our staff stronger than most companies. From company events to our second-to-none mentorship program, a career at Cloudburst Security isn't only about maximizing your individual potential; it’s about maximizing the potential of the entire organization. If you feel you are qualified for this position and are interested in joining a company that truly treats employees like family, we would like to hear from you.
Cloudburst Security provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability or genetics. In addition to federal law requirements, Cloudburst Security complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.
Cyber Security, Focused Operations, Security Operations Centers, Information Assurance
Company Type: Privately Held
Company Size: 11 - 50