VULNERABILITY ASSESSMENT ANALYST-INTERMEDIATE (CYBER)

Overview:
Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Allied governments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL; Madison, AL, and Tupelo, MS.

Mission: s a member of the National Geospatial-Intelligence Agency (NGA) DEFENDER Computer Network Exploitation (CNE) team, the contractor executes computer network operations via penetration testing and emulating Advanced Adversaries, Insider Threats, and Purple Team against NGA systems for the purpose of strengthening information system security. Cyber Vulnerability Assessment Analysts will help develop and execute plans leveraging multiple cyber threat Tactics, Techniques and Procedures (TTP's) to breach and/or exfiltrate data in such a way as to minimize the risk of detection by a Security Operations Center (SOC). The positions also require the ability to protect data successfully exfiltrated from a targeted network and to provide mitigations to its exploits or observations that are resource-realistic, systemic, and actionable to buy down risk. This position is available immediately and supports the NGA onsite (no remote or hybrid) at NGA headquarters in Springfield, VA

Responsibilities:

• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Requirements:

• TS/SCI clearance, subject to CI Polygraph.
• IAT Level 2 and Two Penetration Testing certifications (OSCP, GPEN, GWAT, GCIH, CEH, CEH Master, GPYC, LPT, CPT, etc)
• DoD 8570 IAT II certification
• Bachelor's degree. In lieu of degree, Sec+, GICSP, Cloud+, GCED, PenTest+, or GSEC may be accepted.
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in assessing the robustness of security systems and designs.
• Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
• Skill in mimicking threat behaviors.
• Skill in the use of penetration testing tools and techniques.
• Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• Skill in reviewing logs to identify evidence of past intrusions.
• Skill in conducting application vulnerability assessments.
• Skill in performing impact/risk assessments.
• Skill to develop insights about the context of an organization's threat environment
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Desired/Preferred Skills:

• Experience with cloud technologies.

#LI-Onsite #LI-JL1

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.