Overview
On Site
Full Time
Skills
Data-flow analysis
Certified Ethical Hacker
IT risk
Wireless networking
Network administration
Software development
Web development
Use cases
Technical drafting
System security
Network operations
Test scripts
Risk management
Cyber security
Network design
Vulnerability assessment
Open source
Computer networking
Intrusion detection
Microsoft Windows
Cloud computing
VMware ESX
VirtualBox
Disaster recovery
IT architecture
Design review
Information security
Information Technology
Systems engineering
Federal government
Security clearance
Communication
Scripting
Computer hardware
Data
Network
Procurement
SSP
Auditing
Management information systems
Software deployment
Equities
Management
Oracle Linux
Design
IP
Encryption
Nmap
Wireshark
Metasploit
Kismet
Backtrack
Firewall
Routers
Switches
Virtual private network
TCP
UDP
HTTP
HTTPS
MPLS
OSPF
IGRP
Border Gateway Protocol
SIP
Linux
OS X
R
Hypervisor
Hyper-V
Storage
Backup
CISSP
Policies
ICD
FIPS
National Institute of Standards and Technology
CISM
SAP BASIS
FOCUS
Job Details
Job ID: 2404986
Location: CHANTILLY, VA, US
Date Posted: 2024-04-03
Category: Cyber
Subcategory: Cybersecurity Spec
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: TS/SCI with Poly
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: No
Description
INTRODUCTION: The Sponsor supports a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. The Sponsor requires subject matter expertise in technical risk analysis of enterprise and mission systems, IT systems and networks, mobile and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of Sponsor's technical risk assessment activities. The Sponsor also requires software development to maintain an online infrastructure, evaluating and extracting relevant data, web development, and software coding.
Contractor Support; HHR; Yes
Perform technical risk assessments and provide technical risk mitigation guidance on the use of various enabling technologies.
Gather Body of Evidence (BOE) and assess artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and System Security Plan (SSP) to get a holistic view of the interworking parts of a given technology implementation being evaluated, from which real insights can be derived to inform risk assessor's judgement.
Apply consistent and systematic investigative practices to comprehensively assess risks, identify and characterize threats and vulnerabilities.
Evaluate system or network operations using network management platforms, network scanning tools, auditing functions, PCAP captures, and log reviews.
Analyze system, network, or cloud configurations for mis-configured settings, configurations not required for deployment, removal of test scripts to minimize the configuration to fulfill the specific deployment.
Analyze hardware and software used in a system or network for origin of manufacturer, known vulnerabilities, outdated hardware or software.
Remain current with existing and future technologies to assist the Sponsor with identifying associated risks of implementing proposed technologies.
Provide guidance of potential cyber threats, attacks, and exploitations and advise decision-makers of the inherent risks and mitigation to the Sponsor's equities.
Ensure appropriate risk mitigation considerations are baked in early in the development cycle, and risks and vulnerabilities are well understood and appropriately mitigated.
Organize and schedule work to effectively manage a case load
Track, document, and communicate progress status updates and weekly status updates on all technical risk assessment reports, cases describing potential security concerns and mitigations to enhance security posture.
Qualifications
Required Skills:
Desired Skills:
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
Location: CHANTILLY, VA, US
Date Posted: 2024-04-03
Category: Cyber
Subcategory: Cybersecurity Spec
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: TS/SCI with Poly
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: No
Description
INTRODUCTION: The Sponsor supports a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. The Sponsor requires subject matter expertise in technical risk analysis of enterprise and mission systems, IT systems and networks, mobile and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of Sponsor's technical risk assessment activities. The Sponsor also requires software development to maintain an online infrastructure, evaluating and extracting relevant data, web development, and software coding.
Contractor Support; HHR; Yes
Perform technical risk assessments and provide technical risk mitigation guidance on the use of various enabling technologies.
Gather Body of Evidence (BOE) and assess artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and System Security Plan (SSP) to get a holistic view of the interworking parts of a given technology implementation being evaluated, from which real insights can be derived to inform risk assessor's judgement.
Apply consistent and systematic investigative practices to comprehensively assess risks, identify and characterize threats and vulnerabilities.
Evaluate system or network operations using network management platforms, network scanning tools, auditing functions, PCAP captures, and log reviews.
Analyze system, network, or cloud configurations for mis-configured settings, configurations not required for deployment, removal of test scripts to minimize the configuration to fulfill the specific deployment.
Analyze hardware and software used in a system or network for origin of manufacturer, known vulnerabilities, outdated hardware or software.
Remain current with existing and future technologies to assist the Sponsor with identifying associated risks of implementing proposed technologies.
Provide guidance of potential cyber threats, attacks, and exploitations and advise decision-makers of the inherent risks and mitigation to the Sponsor's equities.
Ensure appropriate risk mitigation considerations are baked in early in the development cycle, and risks and vulnerabilities are well understood and appropriately mitigated.
Organize and schedule work to effectively manage a case load
Track, document, and communicate progress status updates and weekly status updates on all technical risk assessment reports, cases describing potential security concerns and mitigations to enhance security posture.
Qualifications
Required Skills:
- Demonstrated experience analyzing IT systems for cyber security vulnerabilities.
- Demonstrated experience developing IT system or network architecture design, conducting IP data flow analysis, encryption configuration, and vulnerability analysis using both open-source and commercial tools, such as Nmap, Wireshark, Metasploit, Canvas, Kismet, or BackTrack.
- Demonstrated experience analyzing IT network configurations of devices such as firewalls, routers, switches, VPNs, or Intrusion Detection/Prevention Systems for cyber security vulnerabilities.
- Demonstrated experience with communications protocols such as IP, TCP, UDP, HTTP, HTTPS, MPLS, OSPF, IGRP, BGP, SIP, H.232.
- Demonstrated experience with multiple OS's, including Windows, Linux, and OSX.
- Demonstrated experience with Microsoft Windows ver.; 7, 8, 10, 2008R2, 2012, 2012R2, or 2016.
- Demonstrated experience with cloud computing technology and hypervisors such as HyperV, VMWare ESX, or Virtual Box.
- Demonstrated experience with transitioning security domains and use of cross domain appliances.
- Demonstrated experience with network management systems, network storage, backup systems, and disaster recovery (DR) architectures.
- Demonstrated experience performing technical risk assessments and providing technical risk mitigation guidance.
- Demonstrated experience ensuring appropriate risk mitigation considerations, risks and vulnerabilities are well understood and appropriately mitigated.
- Demonstrated experience analyzing procurement processes of hardware, software and services to comply with cyber security and operational needs.
- Demonstrated experience creating concise and well-structured written assessments.
- Certifications: CISSP Certification.
Desired Skills:
- Demonstrated experience with the Sponsor's IT review boards.
- Demonstrated experience with providing recommendations to IT architecture and design reviews.
- Demonstrated experience with the Sponsor's security policies and regulations.
- Demonstrated experience providing recommendations in technical standards, security standards, and operational assurance.
- Demonstrated experience with USG standards such as Intelligence Community Directive (ICD) 503, Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-60.
- Certifications: Certified Information Security Manager (CISM), Certified Ethical Hacker.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.