Vulnerability Assessment Analyst

Amyx is seeking to hire a Vulnerability Assessment Analyst-Intermediate to support our Cybersecurity Division and Intel client in the NCE-Springfield, VA. area.

Responsibilities

• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
• Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Technology used:

Microsoft Office Suites; SharePoint; Nessus, SNORT, public key infrastructure, Oauth, OpenID, SAML, SPML, Wireshark, tcpdump

Qualifications

Required:

• Bachelor degree or higher from an accredited college or university (Recommend an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.)
  Clearance: TS/SCI-subject to CI poly upon request.
  8140 Certification: IAT Level 2 and Two Penetration Testing Certifications: GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. Skill in assessing the robustness of security systems and designs.
• Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
• Skill in mimicking threat behaviors. Skill in the use of penetration testing tools and techniques.
• Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.). Skill in reviewing logs to identify evidence of past intrusions.
• Skill in conducting application vulnerability assessments. Skill in performing impact/risk assessments. Skill to develop insights about the context of an organization's threat environment.
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Desired:

• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• Ability to apply programming language structures (e.g., source code review) and logic.
• Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Benefits include:

• Medical, Dental, and Vision Plans (PPO & HSA options available)
• Flexible Spending Accounts (Health Care & Dependent Care FSA)
• Health Savings Account (HSA)
• 401(k) with matching contributions
• Roth
• Qualified Transportation Expense with matching contributions
• Short Term Disability
• Long Term Disability
• Life and Accidental Death & Dismemberment
• Basic & Voluntary Life Insurance
• Wellness Program
• PTO
• 11 Holidays
• Professional Development Reimbursement

Please contact talent@amyx.com with any questions!

Amyx is proud to be an Equal Opportunity Employer. All qualified candidates will be considered without regard to race, color, religion, national origin, age, disability, sexual orientation, gender identity, status as a protected veteran, or any other characteristic protected by law. Amyx is a VEVRAA federal contractor and we request priority referral of veterans.

Physical Demands

Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.