Cybersecurity Vulnerability Analyst
Bachelor's degree in a related specialized area or field or the equivalent is required plus a minimum of 5 years of relevant experience; or Master's degree plus a minimum of 3 years of relevant experience.
Department of Defense Secret security clearance is requried at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required.
- Expert technical understanding of software and web application security (e.g., security headers, TLS configuration, secure design and coding practices) and vulnerabilities (e.g. XSS, SQLi, XXE, injection and inclusion)
- Demonstrated technical ability to validate web vulnerabilities on live DoD web properties using manual techniques and common tools
- Demonstrated ability to recognize, interpret, and communicate in information assurance vulnerability management (IAVM), Risk Management Framework (RMF), and security technical implementation guides (STIGs)
- Demonstrated knowledge of various software testing methodologies, test case creation and the
- reporting process
- Knowledge of current DoD cyber security challenges and threats
- Exceptional verbal and written communication skills; ability to provide expert review of accurate and timely technical reports for release for external customers
- Ability to work multiple tasks and flexibility to adapt to dynamic work environment to meet organizational requirements
- Ability to use sound judgement when conducting live testing to avoid or minimize impact to production services and data
- Superior organizational skills to analyze, develop, and deliver detailed reports to meet short suspense windows
- Certifications (any): CISSP, CEH, GCIH, Network+, Security+, A+, CCNA
- Demonstrated experience leading a team
- Demonstrated experience with ISS and Apache servers
- Demonstrated knowledge of Python, CGI gateways and other application development and web design
- Demonstrated knowledge of industry standard applications such as BURP, Netsparker, and Zed Attack Proxy
Responsibilities for this Position:
General Dynamics Mission Systems has an immediate opening for a Cybersecurity Vulnerability Analyst. The position provides an opportunity to enhance the performance and profitability of an organization that supports some of our nation’s fundamental defense services. General Dynamics Mission Systems employees work closely with esteemed customers to develop solutions that allow them to carry out high-stakes national security missions.
This Cybersecurity Vulnerability Analyst position performs technical validation and initial severity assessment of externally-reported web security vulnerabilities.
General Dynamics is an Equal Opportunity/Affirmative Action Employer that is committed to hiring a diverse and talented workforce. EOE/Disability/Veteran.
General Dynamics Mission Systems
General Dynamics Mission Systems offers a powerful and robust portfolio of products, services and solutions that help customers successfully execute their missions in today’s dynamic environment. With unsurpassed engineering using an open architecture approach, General Dynamics Mission Systems solves our customers’ most complex challenges by partnering to address current needs and prepare for future requirements.General Dynamics Mission Systems develops products and communication networks that deliver vital information for military, homeland security and public safety professionals. As a prime provider of “network-centric” products and systems, we seamlessly and securely connect users – from the network core to the tactical edge – with the information they need to decide and act. Our world-class capabilities create high-value, low risk solutions for use on land, at sea, in the air and in space.
Mission Systems Acquisitions:
- GD Advanced Information Systems and C4 Systems are combined to form General Dynamics Mission Systems (Jan. 2015)
- Open Kernel Labs (Sept 2012) - IPWireless (June 2012) - Argus Systems Group (Aug 2011) - Fortress Technologies (July 2011) - Ascend Intelligence (January 2010) - Integrated Defense Systems (Feb. 2008)
- Maya Viz (April 2005) - TriPoint Global (Sept 2004) - Motorola's Integrated Information Systems (Sept 2001)
- GTE Government Systems (Aug. 1999) - Ceridian's Computing Devices International (Jan 1998)
Communications / RF Networking, C4ISR, Cyber Security and Defense, Imaging Technologies, SATCOM Services and Products, Maritime Systems, Platform Integration, Training, Modeling and Simulation
Company Type: Public Company
Company Size: 10,001+