Principal Cybersecurity Analyst / Penetration Tester
Arlington, VA (Pentagon) Our client, a highly strategic, agile small company, delivering cutting-edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Principal Cybersecurity Analyst to support the CIO on a robust, flagship DoD IT / Cyber program in Arlington, Virginia at the Pentagon. This is an exceptional opportunity to contribute on the front end of an innovative, dynamic National Security cyber effort that will have an immediate and lasting impact on our Nation’s most critical systems. Though this is a federal program, the dynamic environment is one of a fast-paced, cutting-edge start up, pioneering solutions that will forever impact the security of our Nation. This position requires an active TS/SCI clearance recorded in the JPAS system. CLEARANCE REQUIRED: Active Top Secret/SCI US Government clearance Responsibilities: Your excellent technical skills will assist in identifying risk to enterprise systems across a broad spectrum of technologies and processes. Your responsibilities will also include elements of physical and environmental protection, penetration testing, incident handling, and security training and awareness. In close coordination with the rest of the security team, you will play an active role in defending the enterprise. Candidates must possess thorough understanding of Windows & Linux operating systems, contemporary networking, penetration testing, and cybersecurity tools, techniques, and tactics. Prepare, document, and test national security systems and organizations using adversary tools and techniques to identify system vulnerabilities. Conduct vulnerability analysis and penetration testing as directed. Assist in security investigations and responses as necessary Researches threats and vulnerabilities and provides mitigation and remediation recommendations Document the results of field inspections and tests, support the development of resulting plan of actions & milestones (POA&M). Research evaluate new security technologies and countermeasures Improves operations by conducting functional and systems analyses and recommending changes in policies and procedures Prepare system implementers for successful assessments through cybersecurity advisement. Works with the customer to identify and implement security requirements, security best practices, and security controls Continuously review and evaluate best practices for implementing a comprehensive cybersecurity and monitoring program Provide cyber security technical expertise and analysis for new technologies and configurations. Provide written expert position and recommendations, packages, templates and guidance to gain approval for new or upgraded software Requirements: Candidates must have extensive experience with risk assessment technologies and processes including understanding of the adequacy of implemented security features across a broad range of technologies. Must have demonstrated practical penetration testing / vulnerability exploitation experience Must have knowledge of host and network access control and auditing technologies and methods. Must have knowledge of application security and software vulnerabilities. Must have an understanding of incident response, configuration management, and defense in depth best practices. A background and some experience with RMF, NIST SP800-53, CNSSI, DCID 6/3, JSIG, and/or ICD 503. Knowledge of current authorization practices, particularly within the DoD and IC is necessary. Experience with security configuration related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems. Knowledge of intrusion detection methodologies and techniques for detecting host- and network- based intrusion via intrusion detection technologies A minimum of 6 years’ experience with information security and related security concerns including penetration testing and information system security assessments. Must have an active TS/SCI clearance with the U.S. Federal Government.