Mid-Level Cybersecurity Assessment Specialist - Millennium Space Systems

About The Position

Requirements

• This position requires an active U.S. Top Secret Security Clearance with SCI eligibility (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)
• Bachelors degree in engineering or related technical discipline and typically 9 or more years' related work experience or an equivalent combination of technical education and experience
• 9 or more years' experience working in Cybersecurity enclaves
• Minimum 1 year of experience working in ISSO role

Nice To Haves

• 3 years' experience as an ISSM
• At least 2 years working as ISSE across multiple bases and systems for civil engineering
• Expertise in Risk Management Framework (RMF)
• Experience with Security Authorization (ATO) process and Program Protection Plans (PPP/PPIP)
• Experience performing Criticality Analysis
• Experience with programming experience in Python, PHP, Perl, Ruby, .NET, or other interpreted or compiled languages
• Experience in penetrating testing and vulnerability assessments using manual techniques and vulnerability testing tools (including scanners, sniffers, fuzzers and exploit tools such as Burp, Nmap, Kali and Metasploit)
• Experience configuring and conducting automated scanning and manual testing
• Experience developing security control plan implementations across 10 NIST SP 800-53 control families for ATO submission supporting mission critical systems for a United States Space Force Space Operation Center
• Experience reviewing and adjudicating RMF ATO artifacts, including the software Assurance plans, trusted file transfer plan, RBAC matrix, and Vulnerability and Patch Management Plans
• Experience evaluating system security configurations
• Experience configuring and conducting automated scanning and manual testing

Responsibilities

• Conduct application and network layer penetration tests on various IT environments
• Conduct red teaming activities, including physical security penetration testing
• Perform independent pen testing utilizing numerous penetration testing tools and leveraging mainly manual techniques, typically testing will necessitate source code analysis
• Write risk prioritized finding reports, debrief system owners and consult on remediation options
• Retest security vulnerabilities that have been identified as fixed to verify remediation
• Contribute to pen testing, red teaming, tooling, and reporting methodology enhancements
• Evaluate effectiveness of defensive countermeasures and consult with blue teams to help improve detection methods and capabilities required for situational awareness
• Perform exploitation analysis and authors exploitation tools/techniques
• Experience performing ACAS and OpenRMF compliance scans for classified networks, identifying weaknesses and reporting results to external organizations
• Experience with secure software development lifecycle and large-scale computing environments
• Experience working with Information Security principles, policies, and industry best practices including the Critical Security Controls (CIS), Open Worldwide Application Security Project (OWASP), Top 10 and Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework
• Experience working with Authentication and Authorization Controls
• Experience working with common server applications such as Internet Information Services (IIS), Apache, Lightweight Directory Access Protocol (LDAP), Tomcat, and Secure Shell (SSH)
• Experience working with common network protocols such as HyperText Transfer Protocol/ HyperText Transfer Protocol Secure (HTTP/HTTPS), Transmission Control Protocol/Internet Protocol (TCP/IP), and User Diagram Protocol (UDP)

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work