** Bonus (Hiring/Relocation) available for Qualified Candidates with Active TS/SCI clearances **
** This position is located in San Diego, CA **
SAIC is looking for a Cyber Security Penetration Tester experienced in RED Team testing (i.e., Offensive) and building BLUE Team response strategies (i.e., Defensive). This position is responsible for developing and executing offensive test plans for Programs of Record (PoR) within Program Executive Office (PEO) C4I. The Engineer performs penetration testing of different systems and their levels of security programs to identify exploitable vulnerabilities within the system's architecture. In addition, the Engineer will assist Information Assurance (IA) analysts and cyber security engineers in the elimination of potential vulnerabilities, perform network security assessments, and provide input to a variety of incident response plans. The individual will provide information that aids in the determination of engineering solutions' security, resilience, reliability and interoperability for execution and implementation on Navy Networks and systems.
• Develop detailed offensive and defensive security plans and execute plans after their approval.
• Analyze risks and provide digital security infrastructure assessments, completed with testing & audits.
• Design, test, and implement secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
• Conduct risk and offensive vulnerability assessments at network, system and application levels.
• Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.
• Assists in the implementation of the required government policy (i.e., NISPOM, ICD 503, and makes recommendations on process tailoring.
• Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.
Bachelors and five (5) years or more of experience. Masters and three (3) years or more experience. Applicable experience will be accepted in lieu of advanced degree.
Required Skills and Certifications:
Ability to work with and build relationships with a variety of stakeholders; government technical representatives, and other supporting contractors; excellent written and oral communications; ability to work independently or in a team collaborative environment; ability to brief senior government personnel; has a solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems
• Possess Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester (OPST), OSSTMM Professional Security Expert (OPSE) and/or equivalent certification
• Certified in one or more of CISSP, CISM, or CISA, and Security +, Network +.
• Ability to develop Penetration Test Plans that exercises holistically the security postures of hardware and software components of networks, operating systems, web sites and applications
• Deploys, maintains, and troubleshoots security testing tools, as required
• Maintains proficiency in network, web, operating system and application penetration testing
• Performs and documents remediation planning (Must meet the minimum penetration testing standards and proficiency necessary for applicable security controls outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53).
• Experienced in tracking and reporting Development and Integrator Teams' implementation of product security requirements throughout software development lifecycle, including post-production and distribution
• Documents efforts using Word, Excel and Visio.
Desired Skills and Certifications:
• Working experience with Assured Compliance Assessment Solution (ACAS) scan analysis, Security Technical Implementation Guide (STIG) Checklists, Security Content Automation Protocol (SCAP) Compliance Checker (SCC) benchmarks, Vulnerator, XACTA, and McAfee ePolicy Orchestrator (ePO) and Host-Based Security System (HBSS)
• Experience with policy implementation that includes NIST, Department of Defense (DoD), Department of Homeland Security (DHS), Department of the Navy (DON), Federal Information Security Management Act (FISMA), Office of Manpower and Budget (OMB), Federal Information Processing Standards (FIPS), and/or Committee of National Security Systems (CNSS).
Past performance with hard disk and memory forensics
My SAIC Benefits.