Description The DarkStar Group is seeking a Cyber Engineer with a TS/SCI Poly clearance (applicable to this customer) to join one of our top projects in Chantilly, VA. Below is an overview of the project, as well as information on our company, our benefits, and our $25,000 referral program. THE PROGRAM The DarkStar Group is a member of 100% of the winning teams for the largest technology program in the Intel Community. We've been supporting this customer on many different sub-projects of this program since our founding in 2013. We've grown on this effort by providing the customer with Engineers who have done exceptional work, and we've retained our staff by paying very strong salaries, and working hard to ensure each Engineer is doing work that aligns with their career interest. THE PROJECT
The Sponsor supports a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. The Sponsor requires subject matter expertise in technical risk analysis of enterprise and mission systems, IT systems and networks, mobile and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of Sponsor's technical risk assessment activities. The Sponsor also requires software development to maintain an online infrastructure, evaluating and extracting relevant data, web development, and software coding. The Role * The Contractor shall perform technical risk assessments and provide technical risk mitigation guidance on the use of various enabling technologies.
* The Contractor shall gather Body of Evidence (BOE) and assess artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and System Security Plan (SSP) to get a holistic view of the interworking parts of a given technology implementation being evaluated, from which real insights can be derived to inform risk assessor's judgement.
* The Contractor shall apply consistent and systematic investigative practices to comprehensively assess risks, identify and characterize threats and vulnerabilities.
* The Contractor shall evaluate system or network operations using network management platforms, network scanning tools, auditing functions, PCAP captures, and log reviews.
* The Contractor shall analyze system, network, or cloud configurations for mis-configured settings, configurations not required for deployment, removal of test scripts to minimize the configuration to fulfill the specific deployment.
* The Contractor shall analyze hardware and software used in a system or network for origin of manufacturer, known vulnerabilities, outdated hardware or software.
* The Contractor shall remain current with existing and future technologies to assist the Sponsor with identifying associated risks of implementing proposed technologies.
* The Contractor shall provide guidance of potential cyber threats, attacks, and exploitations and advise decision-makers of the inherent risks and mitigation to the Sponsor's equities.
* The Contractor shall ensure appropriate risk mitigation considerations are baked in early in the development cycle, and risks and vulnerabilities are well understood and appropriately mitigated.
* The Contractor shall organize and schedule work to effectively manage a case load
* The Contractor shall track, document, and communicate progress status updates and weekly status updates on all technical risk assessment reports, cases describing potential security concerns and mitigations to enhance security posture.
* The Contractor shall work with applications in the Sponsor's cloud environment such as AWS, Oracle, Google, Microsoft Azure, and IBM.
* The Contractor shall provide support for the implementation, design and building enhancements, and long-term maintenance of a new application.
* The Contractor shall design and develop the application in a Web environment.
* The Contractor shall analyze user needs and develop software solutions.
* The Contractor shall design software or customize software to optimize operational efficiency.
* The Contractor shall perform testing, debugging and quality assurance of the application.
* The Contractor shall play a major role in implementing a modern, high profile, mission enabling application used daily.
Required Skills * Demonstrated experience analyzing IT systems for cyber security vulnerabilities.
* Demonstrated experience developing IT system or network architecture design, conducting IP data flow analysis, encryption configuration, and vulnerability analysis using both open-source and commercial tools, such as Nmap, Wireshark, Metasploit, Canvas, Kismet, or BackTrack.
* Demonstrated experience analyzing IT network configurations of devices such as firewalls, routers, switches, VPNs, or Intrusion Detection/Prevention Systems for cyber security vulnerabilities.
* Demonstrated experience with communications protocols such as IP, TCP, UDP, HTTP, HTTPS, MPLS, OSPF, IGRP, BGP, SIP, H.232.
* Demonstrated experience with multiple OS's, including Windows, Linux, and OSX.
* Demonstrated experience with Microsoft Windows ver.; 7, 8, 10, 2008R2, 2012, 2012R2, or 2016.
* Demonstrated experience with cloud computing technology and hypervisors such as HyperV, VMWare ESX, or Virtual Box.
* Demonstrated experience with transitioning security domains and use of cross domain appliances.
* Demonstrated experience with network management systems, network storage, backup systems, and disaster recovery (DR) architectures.
* Demonstrated experience performing technical risk assessments and providing technical risk mitigation guidance.
* Demonstrated experience ensuring appropriate risk mitigation considerations, risks and vulnerabilities are well understood and appropriately mitigated.
* Demonstrated experience analyzing procurement processes of hardware, software and services to comply with cyber security and operational needs.
* Demonstrated experience creating concise and well-structured written assessments.
* Certifications
* CISSP Certification.
* Demonstrated experience with Front-end web development tools such as Node and NPN.
* Demonstrated experience using Java Script Object Notion (JSON) for Application Program Interface (API) development.
* Demonstrated experience with software development languages such as TypeScript and JavaScript.
* Demonstrated experience with strongly typed programing language concepts.
* Demonstrated experience with Node NPM software language.
* Demonstrated experience with Integrated Development Environment (IDE) software such as Visual Studio.
* Demonstrated experience with software development Mark Up Languages such as JSON, CSS, and HTML.
* Demonstrated experience with RESTful interfaces.
* Demonstrated experience developing and maintaining redundant applications hosted in Linux or Unix using Apache server.
Desired Skills (Optional) * Demonstrated experience with the Sponsor's IT review boards.
* Demonstrated experience with providing recommendations to IT architecture and design reviews.
* Demonstrated experience with the Sponsor's security policies and regulations.
* Demonstrated experience providing recommendations in technical standards, security standards, and operational assurance.
* Demonstrated experience with USG standards such as Intelligence Community Directive (ICD) 503, Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-60.
* Certifications: Certified Information Security Manager (CISM), Certified Ethical Hacker.
* Demonstrated experience using Java or Java using Spring.
* Demonstrated experience with Sponsor networks, systems, and services.
* Demonstrated experience with the Sponsor's authentication and authorization process.
* Demonstrated experience delivering solutions with cloud services such as AWS, Oracle, Google, Microsoft Azure, or IBM.
* Demonstrated experience with Apache Tomcat.
* Demonstrated experience with Continuous integration systems (Jenkins).
* Demonstrated experience upgrading and refining existing production applications (working with legacy code).
* Demonstrated experience with JIRA.
* Certifications * AWS Certification or similar About The DarkStar Group Our Company The DarkStar Group is a small business that solves BIG problems. We're one of the Inc. 5000 fastest-growing private companies in the US, and our engineers and scientists support the most critical national security missions in Virginia, Maryland, and elsewhere. Data Science, Software Engineering, Cloud/AWS Infrastructure, and Cyber/CNO are our core areas of expertise. We offer interesting and important work, job security, some of the best and most flexible benefits you'll find in the IC, and salaries so strong that they'll likely surprise you. Our Benefits The DarkStar Group offers exceptional compensation and benefits: * very strong salaries;
* 100% company-paid medical, dental, and vision premiums for you and all dependents;
* the ability to get increased salary if you don't need medical/dental/vision;
* 100% company-paid disability and life insurance benefits;
* a generously-funded HSA;
* an 8% 401(k) contribution; * 31 days of PTO/holidays to start (more with tenure);
* the ability to flex time across pay periods without using your PTO;
* a generous training budget;
* $25,000 employee referral bonuses;
* business development / growth incentives; and
* top notch company swag.
** We have a huge growth opportunity, so we are offering up to a $25,000 reward for anyone new you refer whom we hire. ** All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disabil