Junior PenTest Vulnerability Analyst

About The Position

Requirements

• Active Certification: IAT 8570 Level 1 (Sec+, etc)
• Active TS/SCI with CI Poly
• Must be willing to travel up to 25% of the time. At most, one week per month, but travel will likely be less frequent. Most sites CONUS.
• Bachelors degree in a relevant field. Additional years of experience can count in lieu of a degree (AS with 3+ years, or high school degree with 5+ years of relevant experience). Additional flexibility pending Customer approval.
• Knowledge of network security architecture concepts including protocols, components, and principles.
• Knowledge of Risk Management Framework, in particular the technical controls within 800-53.
• Knowledge of system and application security threats and vulnerabilities, TCP/IP, and the OSI Model.
• Knowledge of penetration testing principles, tools, and techniques.
• Knowledge of threat research, vulnerability analysis, risk assessment, CVSS scoring, and Common Vulnerabilities and Exposures (CVE).
• Strong problem-solving and critical-thinking skills with the ability to diagnose and troubleshoot technical issues.

Nice To Haves

• Experience evaluating systems and recommending changes to improve security posture.
• Experience with penetration testing, system and network configuration, and familiarity with different operating systems and virtualization platforms.
• Skill in conducting vulnerability scans and recognizing vulnerabilities and remediation recommendations.
• Hands on experience using industry standard vulnerability assessment tools and techniques (NMAP, Nessus, Metasploit, Wireshark).

Responsibilities

• Conduct Vulnerability Assessment of network, host, and web applications, leveraging tools such as Tenable Nessus, NMAP, Wireshark, Rapid7 Metasploit, Burp Suite, etc.
• Work closely with the Security Control Assessor to perform IT security assessments in support of Risk Management Framework (RMF).
• Maintain vulnerability assessment toolkit utilizing Ubuntu and Kali platforms
• Prepare assessment reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Research vendor security advisories, vulnerability reports, product changelogs, bug trackers, commits, exploits, and other sources to triage vulnerabilities.
• Communicate effectively with various stakeholders, including System Owners, Administrators, and Program Management.
• Participate in meetings and briefings to coordinate test events, recommend remediation, and provide lessons learned.

Benefits

• medical
• dental
• vision
• paid time off
• 401(k)
• life insurance
• flexible work schedules
• holidays