Job Description:
Type of Requisition:
Regular
Clearance Level Must Currently Possess:
Secret
Clearance Level Must Be Able To Obtain:
Secret
Public Trust/Other Required:
None
Job Family:
Information Security
Skills:
Job Qualifications:
Linux, Nessus Vulnerability Scanner, Scripting, Vulnerability Scanning
Certifications:
None
Experience:
4 + years of related experience
US Citizenship Required:
Yes
Job Description:
Seize your opportunity to make a personal impact as a
Network Vulnerability Analyst supporting the Research, Development, Test, and Evaluation (RDT&E) at the Naval Information Warfare Center in San Diego, CA.
At GDIT, people are our differentiator. As a
Network Vulnerability Analyst, you will help ensure today is safe and tomorrow is smarter. Our work depends on a Network Vulnerability Analyst joining our team to work with a variety of subject matter experts covering the full breadth of cybersecurity and learn from their expertise.
HOW OUR NETWORK VULNERABLITY ANALYST WILL MAKE AN IMPACT:
- Perform penetration testing against a variety of applications using customer-provided tools
- Perform proof of concept on new exploits to determine if supported networks are vulnerable
- Ensure signature-based scanning tools are operational
- Draft and review Standard Operation Procedures and Proofs of Concept
- Prepare and assist with Command Cyber Readiness Inspections
WHAT YOU NEED TO SUCCEED (Required):
- Security Clearance Requirements: Active Secret clearance.
- Required Experience: 4 years of experience
- Experience with vulnerability and configuration compliance scans using automated tools to include, but not limited to ACAS, SCAP Compliance Checker, and McAfee Policy Auditor.
- Experience with penetration testing that identifies weaknesses in web applications, supporting infrastructure, and endpoints.
- Knowledge of security testing environments and tools, to include but not limited to Kali, Metasploit, Burp Suite, Wireshark, and Fiddler.
- Experience enumerating vulnerabilities and performing exploits on the vulnerabilities to include, but not limited to remote code execution, privilege escalation, XML external entity, Cross Site Scripting (XSS), SQL injection, man-in-the-middle, session hijacking, and Cross-Site Request Forgery.
- Experience with operating and maintaining a passive vulnerability/network vulnerability monitoring capability using Nessus Network Monitor or similar tools for gathering and analysis of packet capture, session data, transaction data, alert data, and event correlation.
- Experience with assisting administrators of vulnerable systems to test and implement patches, hot fixes, and countermeasures to mitigate findings.
- Be familiar with collaborating with infrastructure teams to drive remediation of reported vulnerabilities through risk/threat-based assessment of security controls and tools.
- Knowledge of DoD IAVM: deadlines, announcements, assess applicability, and plan responses.
- Be familiar with researching and documenting remediation strategies for vulnerabilities, and build custom reports for data calls.
- Experience with articulating risk and business impact to stakeholders to include applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE), and Open Web Application Security Project (OWASP) processes and remediation recommendations.
- Experience with analyzing vulnerabilities, implement controls to prevent vulnerabilities, and establish infrastructure to support detecting and containing vulnerabilities.
- Have knowledge of tools such as the Elastic Stack, SQL, stream editors, spreadsheet pivot tables, LDAP queries, Unix/Linux CLI, Nmap, tcpdump, Wireshark, shell scripting, and Puppet.
- Be able to maintain and utilize Blue Team tools.
- Have knowledge of current vulnerability trends and developing technologies, prioritize remediation efforts, and recommend best practices to improve the overall security posture of the network.
- Experience with DoD STIGs
- Scripting experience (PowerShell, BASH, or Python preferred)
- Experience with virtual machines (vSphere, Virtual Box, KVM, QEMU)
- Verbal and written communication skills.
- Required Certification: CompTIA Security+ CE
- Required Training: Microsoft Azure 801 and Linux + training certificates
- Education: Bachelor’s Degree in Computer Science, Information Systems, Engineering or other related scientific or technical discipline from accredited College/University
- Location: Onsite in San Diego, CA.
- US Citizenship Required.
WHAT WE'D LOVE FOR YOU TO HAVE (Preferred):
- Knowledge of Burp Suite security tools
- Experience with Kali Linux tools such as nMAP, TCPDump, WireShark
- Knowledge of web development and HTML structure
- Working knowledge of OSI network model and network traffic flow
- Working knowledge of Windows Server core elements (Domain Controller, Active Directory, Registry, GPO creation, DISM, SCCM)
- Medium to Advance knowledge of network configuration for switches and routers
- Basic understanding of vulnerability research and exploitation
- Basic knowledge of physical security
- Basic knowledge of hardware exploitation
- Basic knowledge of Cloud core elements
- Penetration testing experience
GDIT IS YOUR PLACE:
- 401K with company match
- Comprehensive health and wellness packages
- Internal mobility team dedicated to helping you own your career
- Professional growth opportunities including paid education and certifications
- Cutting-edge technology you can learn from
- Rest and recharge with paid vacation and holidays
The likely salary range for this position is $102,000 - $138,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours:
40
Travel Required:
None
Telecommuting Options:
Onsite
Work Location:
USA CA San Diego
Additional Work Locations:
Total Rewards At GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation’s most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
