Security Architect

Job Description
The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems.

In support of this mission, Tharros has an immediate opportunity for a Security Architect - Database. In this role you will be responsible for performing security audits, risk assessments and analyses with adherence to DISA STIGs, NIST, and industry best practices; duties to include vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately "tell the story" of how the vulnerability was exploited and what the overall impact would be to particular hosts or networks.

Duties:

• Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and databases (i.e., MS SQL Server, Oracle, PostgreSQL, MySQL (Maria DB), Mongo DB, Sybase, IBM DB2, SQLite, FireBird, and Informix)
• Demonstrated ability to methodically analyze problems and identify potential solutions.
• Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.
• Analyze and evaluate database schemas and current or proposed configurations to discern weaknesses for exploitation and supply recommendations for enhancing database internal and external security; document and transition results in reports, presentations, and technical exchanges.
• Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
• Craft recommendations for customer to prevent/mitigate attempted breaches of database security and database security weaknesses
• Render guidance on formulating security policies, procedures, along with tactics, techniques and procedures to enhance data and database protections.
• Possess good writing and communications skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.
• Position requires travel up to 25%.

Requirements

• Current Top Secret clearance with SCI eligibility
• Bachelor's degree in a related field (focused on engineer or applied science) and a minimum of 3 years of experience in a related role; associate degree with 4 years' experience or 6 years equivalent experience without a degree.
• IAT Level III certification required (CASP, CISSP+, etc.).
• Must be able to support travel up to 25% (1-3 weeks in duration).
• Must possess a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months.
• Must obtain a Microsoft and UNIX/Linux certification within 6 months.
• Must possess a database certification (e.g., MS SQL Server, OCP, CMDBA, MSDBA, etc.) within 6 months upon arrival on-site.
• Database administrator experience (MS SQL Server, Oracle, PostgreSQL, etc.).
• Hands on experience with and knowledge of SQL.
• Experience in working with and in a web and network systems security environment with a focus on database administration and security.
• Must successfully complete skills assessment lab prior to arriving at customer site and remain mission qualified.
• Self-motivated with minimal supervision.

Preferred Requirements:

• System administrator experience (Windows, UNIX)
• Analytical with the ability to understand and implement customer objectives
• Familiarity with NIST, RMF, DISA STIGs and experience in conducting DoD vulnerability and compliance assessments
• Experience or familiarity with military operations highly desirable

Summary
Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward.

In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.

Tharros. See Everything. Secure Anything.

Tharros is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer and make employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected status.