Vulnerability Assessment Analyst - Intermediate

Title
Vulnerability Assessment Analyst - Intermediate
Full-Time/Part-Time Full-Time Description
RiVidium Inc. (dba TripleCyber) is seeking a Vulnerability Assessment Analyst (Intermediate).

Responsibilities for this position shall include, but are not limited to:

• Performing assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
• Developing measures of effectiveness for defense-in-depth architectures against known vulnerabilities.
• Identifying systemic security issues based on the analysis of vulnerability and configuration data.
• Apply programming language structures (e.g., source code review) and logic.
• Sharing meaningful insights about the context of an organization's threat environment that improves its risk management posture.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Provide analysis and remediation recommendations to address Tasking Orders (TASKORD), POA&Ms, Operational Orders (OPORDS), Information Assurance Vulnerability Management (IAVMs), Vulnerability Disclosure Program (VDP), Period of Non-Disruption (POND), Operational Planning (OPLAN), Rouge System Detection, and Security Technical Implementation Guide (STIG) compliance as required within government directed timelines across the entirety of client's enterprise.
• Provide support to Vulnerability Management initiatives and tools (e.g., RedSeal, Web-Inspect) over the entirety of the SDLC.
• Support TASKORDs tickets that require remediation, fix validation, tracking and ticket closures.

Requirements for this position shall include:

• Bachelor's degree or higher from an accredited college or university from an accredited institution in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
• Knowledge of Government standards for data security such as markings, handling of classified and unclassified information, and how to handle the distribution of this information.
• Knowledge of computer networking concepts and protocols, and network security methodologies, risk management processes (e.g., methods for assessing and mitigating risk), and laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber threats and vulnerabilities, and operational impacts of cybersecurity lapses.
• Knowledge of cryptography and cryptographic key management concepts and host/network access control mechanisms (e.g., access control list, capabilities list).
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• TS/SCI eligible, subject to CI Polygraph

Preferred Qualifications for this position shall include:

• Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
• Mimicking threat behaviors and the use of penetration testing tools and techniques.
• Using network analysis tools to identify vulnerabilities. (e.g., fuzzing, Nmap, etc.).
• Reviewing logs to identify evidence of past intrusions and conducting application vulnerability assessments.
• Conducting ethical hacking and penetration testing following established principles and techniques.

Required Training and Certifications for this position shall include:

• Meet DoD 8570/8140 requirements at a minimum IAM or IAT Level 2 certification, e.g. Security+, GSEC, CAP, CASP, CISSP, GSLC.

About the Organization Established in 2008, RiVidium, Inc. (dba TripleCyber) is a VA-Verified SDVOSB and an SBA-Certified 8(a) company. To prepare our clients for the future, RiVidium has balanced all parts of our organization to attract the finest employees in order to 'Strive to be the missing element defining tomorrow's technology'. RiVidium keeps pace and surpasses its competitors by meeting challenges of advancements in Logistics, Human Capital, Cyber, Intelligence & Technology. EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. If you need a reasonable accommodation for any part of the employment process, please contact Human Resources (HR) at hr@rividium.com.
This position is currently accepting applications.