Vulnerability Assessment Analyst - Advanced

Title
Vulnerability Assessment Analyst - Advanced
Full-Time/Part-Time Full-Time Description
RiVidium Inc. (dba TripleCyber) is seeking an Advanced Vulnerability Assessment Analyst.

Responsibilities for this position shall include:

• Executing computer network operations via penetration testing and emulating Advanced Adversaries, Insider Threats, and Purple Team against NGA systems for the purpose of strengthening information system security.
• Cyber Vulnerability Assessment Analysts will help develop and execute plans leveraging multiple cyber threat Tactics, Techniques and Procedures (TTP's) to breach and/or exfiltrate data in such a way as to minimize the risk of detection by a Security Operations Center (SOC).
• The ability to protect data successfully exfiltrated from a targeted network and to provide mitigations to its exploits or observations that are resource-realistic, systemic, and actionable to buy down risk. The ideal candidate will assist the customer in providing technical and engineering support to sensitive and highly regulated CNE operations designed to identify vulnerabilities subject to Advanced Persistent Threats (APT) or other emerging, time sensitive cyber threats on the customers networks.
• Performing assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
• Developing measures of effectiveness for defense-in-depth architectures against known vulnerabilities.
• Identifying systemic security issues based on the analysis of vulnerability and configuration data.
• Applying programming language structures (e.g., source code review) and logic.
• Sharing meaningful insights about the context of an organization's threat environment that improves its risk management posture.
• Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Minimum Qualifications for this position shall include:

• Bachelor's degree or higher from an accredited college or university from an accredited institution in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
• Knowledge of computer networking concepts and protocols, and network security methodologies, risk management processes (e.g., methods for assessing and mitigating risk), and laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber threats and vulnerabilities, and operational impacts of cybersecurity lapses.
• Knowledge of cryptography and cryptographic key management concepts and host/network access control mechanisms (e.g., access control list, capabilities list).
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• TS/SCI eligible, subject to CI Polygraph

Preferred Qualifications shall include:

• Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
• Mimicking threat behaviors and the use of penetration testing tools and techniques.
• Using network analysis tools to identify vulnerabilities. (e.g., fuzzing, Nmap, etc.).
• Reviewing logs to identify evidence of past intrusions and conducting application vulnerability assessments.
• Conducting ethical hacking and penetration testing following established principles and techniques.

Required Training/Certifications:

• Meet DoD 8570/8140 requirements at a minimum IAT Level 2 and Two Penetration Testing Certifications w/ At Least One Being an Advanced Certification (e.g., OSCP, OSCE, OSEE, GSE, GXPN, CPT)
• Two Penetration Testing Certifications (e.g., GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT)

About the Organization Established in 2008, RiVidium, Inc. (dba TripleCyber) is a VA-Verified SDVOSB and an SBA-Certified 8(a) company. To prepare our clients for the future, RiVidium has balanced all parts of our organization to attract the finest employees in order to 'Strive to be the missing element defining tomorrow's technology'. RiVidium keeps pace and surpasses its competitors by meeting challenges of advancements in Logistics, Human Capital, Cyber, Intelligence & Technology. EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. If you need a reasonable accommodation for any part of the employment process, please contact Human Resources (HR) at hr@rividium.com.
This position is currently accepting applications.