| Return to Job Search |
| BA 381 vulnerability management (Senior) | Dec 21, 2020 | ||
| Linthicum Heights, MD | |||
 | |||
| Requirements | |||
| |||
 | |||
|
Senior Required Skills: • Expert technical understanding of software and web application security and common vulnerabilities (CWE, CVE) • Demonstrated technical ability to validate web vulnerabilities on live DoD web properties using manual techniques and common tools • Demonstrated ability to recognize, interpret, and communicate in information assurance vulnerability management (IAVM), Risk Management Framework (RMF), and security technical implementation guides (STIGs) • Demonstrated knowledge of various software testing methodologies, test case creation and the reporting process • Knowledge of current DoD cyber security challenges and threats • Knowledge of common web application architecture and programming techniques, including common languages (e.g., JavaScript, PHP, SQL) • Familiar with Layer 2/3 network and security appliance capabilities; familiar with TCP/IP protocol stack • Strong verbal and written communication skills; ability to provide expert review of accurate and timely technical reports for release to external customers • Flexibility to adapt to dynamic work environment to meet organizational requirements • Ability to use sound judgement when conducting live testing to avoid or minimize impact to production services and data • Superior organizational skills to analyze, develop, and deliver detailed reports to meet short suspense windows • Aware of industry trends; IoT, ICS/SCADA, containerization technologies, Dev-Sec-Ops • Certifications (any): CEH, GCIH, Security+, CCNA Cyber Ops, GWAPT, GPEN, OSCP, OSWE Desired Skills: • Certifications (any): CEH, GCIH, Security+, CCNA Cyber Ops, GWAPT, GPEN, OSCP, OSWE • Strong attention to detail and ability to prepare documents for customer review The Vulnerability Management Team member will provide technical support to the DoD Vulnerability Disclosure Program (VDP) for the Defense Cyber Crime Center (DC3). These activities directly support the mission to improve defense of the DoD Information Network (DoDIN), by receiving, validating, and disseminating cybersecurity vulnerabilities reported by private-sector researchers. The VDP team tracks and analyzes reported vulnerabilities and mitigation actions by systems owners to identify gaps in DoDIn defenses; areas requiring increased attention, and areas for improvement. This position performs technical validation and initial severity assessment of externally-reported web security vulnerabilities Alliant LCAT Description: Possesses and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable. Suggested Qualifications: 13 years of professional experience without a degree; or 5 years of professional experience with a Bachelors degree from an accredited college in a related discipline, or equivalent experience/combined education; or 3 years of professional experience with a related Masters degree; or no experience required with a related PhD or JD. Consideration should always be given for the level of specific domain expertise. |
|||
| |||
| Apply | |||
| |||
