Apply on Employer Site

Rividium Inc · 1 day ago

Vulnerability Assessment Analyst - Intermediate

St Louis, MO

Full-time

Onsite

Mid Level

RiVidium Inc (dba, TripleCyber) is seeking a Vulnerability Assessment Analyst to perform assessments of systems and networks, identifying deviations from acceptable configurations and policy. The role involves conducting penetration testing, maintaining audit toolkits, and preparing reports with remediation strategies.

AnalyticsInformation TechnologySoftware

Responsibilities

Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives

Conduct and/or support authorized penetration testing on enterprise network assets

Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions

Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing

Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions

Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews)

Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)

Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes)

Qualification

Vulnerability assessmentPenetration testingCybersecurity principlesIntrusion detectionNetwork analysis toolsRisk assessmentsSocial engineering techniquesTechnical writingTeam collaborationProblem-solvingCommunication skills

Required

Bachelor degree or higher from an accredited college or university

Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field

Certifications: IAT Level 2 and Two Penetration Testing Certifications (e.g., GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT)

Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems

Skill in assessing the robustness of security systems and designs

Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort)

Skill in mimicking threat behaviors

Skill in the use of penetration testing tools and techniques

Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.)

Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.)

Skill in reviewing logs to identify evidence of past intrusions

Skill in conducting application vulnerability assessments

Skill in performing impact/risk assessments

Skill to develop insights about the context of an organization's threat environment

Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)