|Technical Info Security Analyst|
|USA CALIFORNIA San Francisco|
Entering ManTech’s 50th year, we hold the distinct honor of being named a “Top 100 Global Technology Company” by Thomson Reuters. We have earned this and many other accolades over the years for our dedication to serving the missions of our nation’s most important customers: U.S. Intelligence, Defense and Federal Civilian agencies. All know us as a trusted partner offering best-in-class solutions in cyber, data collection & analytics, enterprise IT, and systems and software engineering tailored to meet their specific requirements.
The preferred candidate will have experience in performing Vulnerability Assessment, Security Control Assessments, and Red Team activities.
Experience in performing Vulnerability Testing, Security Control Assessments and Red Team activities.
Testing may includes web application assessments, static code review and analysis, mobile (iOS, Android), wireless assessments, SCADA, and infrastructure assessments.
Develop and document security evaluation test plans and procedures.
Provide technical expertise and guidance in developing and supporting business applications to ensure they are deployed securely.
Responsible for aligning industry best security practices and technology solutions with business strategies.
Maintain knowledge of current security tools and industry best practices: tools, techniques, procedures, tactics, attacks and forensics.
Prioritize and manage tasks as needed, on the status of action items and/or results of activities.
Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures.
Coordinate with other program elements while conducting security testing.
Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
Experience with a wide range of InfoSec vulnerability assessment tools to include Nessus, IP360, Qualys, Appscan, etc.
The ideal candidate MUST have a strong understanding of the following technologies and their security vulnerabilities:
Web Applications and Technologies: advanced understanding of application programming languages, application servers, Web services, and Web browsers. Candidate should also understand the vulnerabilities related to these technologies, as well as security best practices when using them. Candidate should also be able to use automated assessment tools coupled with manual testing techniques to assess these applications.
Networking Technologies: advanced proficiency with various networking skills and technologies, including (but not limited to) Cisco hardware and IOS, firewalls, IDS and IPSs, packet analysis, and high level network architecture fundamentals.
Enterprise Solutions, Storage and Databases: understanding of relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
Virtualization technologies: advanced experience with VMware products, Microsoft virtualization technologies and/or similar technologies.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret Clearance may be required in the future.
|Requires Bachelor's degree in (computer engineering, computer science, Information Technology, MIS) or related discipline, and four years's related experience.|
|Preferred technical experience: |
• Proficient in Windows and Linux operating systems
• Working knowledge of nmap scanning (Slow Scans, Service detection, OS detection, namp Scipts)
• Working knowledge of web aplication scanning tools (Burp, Nikto, Zap) and interpreting results.
• Working knowledge of vulnerability scanners (Nexpose, Nessus) and interpreting results.
• Working knowledge of using Nipper (network infrastructure parser) for different network devices and interpreting results.
• Working knowledge of using database scanning tools (Appdetective, Scuba) and interpreting results.
• Ability to complete manual configuration review for different operating system (Linux, Solaris, Windos XP, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2012) based on the CIS benchmarks
• Ability to complete manual configuration review for different database servers (MySql, MSSQL, Oracle) based on the CIS benchmarks.
• Ability to complete manual configuration review for web application based on the OWASP and NIST guidelines.
• IP360, Qualys, and Appscan a plus.
|ManTech International Corporation is comprised of approximately 7,300 talented employees who use advanced technology to help government and industry meet some of their greatest challenges around the world. We adhere to the simple, no-nonsense values on which ManTech was founded more than four decades ago, aligning squarely with the mission objectives of our customers. As our customer base continues to expand and diversify, we continue to diversify our workforce and solutions. Nearly half our employees have a military background, and approximately 70 percent hold a government security clearance. As a leading provider of innovative technology services and solutions for the nation's defense, security, health, space, and intelligence communities; we hold nearly 1,100 active contracts with more than 50 different government agencies.|