cFocus Software Incorporated · 3 hours ago
SME Cyber Vulnerability Assessment Analyst - TS/SCI Required
Chatbot · Government
Growth Opportunities · No H1B · Security Clearance Required
Responsibilities
Responsible for leading penetration testing; developing advanced security scenarios and testing systems against those scenarios; developing advanced security architectures for the implementation of custom countermeasures; providing security considerations to advise system engineering teams, with the objective of reducing errors, flaws, and weaknesses that may constitute security vulnerabilities; performing advanced code analysis; and performing advanced protocol analysis for nation-state and state-sponsored cyber threat actor capabilities.
Ensure industry best-practice implementation, using agile practices, of scanning and end-to-end vulnerability remediation; assist in all information security planning, compliance, and risk management; manage teams, ensure they have appropriate skill sets, and tie the teams and results together.
Identify vulnerabilities and understand and recommend countermeasures
Analyze the network to determine if appropriate security is applied
Possess and apply knowledge of the NIST RMF
Develop and implement test plans and ensure execution
Evaluate the costs and benefits of security functions and considerations from analysis of alternatives, engineering trade-offs and risk treatment decisions.
Provide assessment support and remote or site visits for CISA information systems.
Perform detailed assessments of the security controls that have been identified and implemented for systems as part of the RMF process.
Collaborate with product teams to assess cloud security standards and verify controls are implemented for hardening infrastructure, hardening infrastructure-as-code, hardening CI/CD pipelines, and hardening containers.
Employ test plans and test procedures tailored to the security controls of the system under test.
The tools and techniques could include, but are not limited to, manual test procedures or analysis, web assessment software, vulnerability scanning tools, penetration test tools, and/or contractor-developed custom scripts.
Tools and techniques consist of manual testing, vulnerability scans, and penetration testing.
Automate testing functions and adopt OffSecOps development practices, including development of Ansible or Terraform testing procedures and infrastructure that can be automated to quickly deploy and test various targets.
Prepare a detailed weekly status of all activities, including status of assessments and any other pertinent data points as requested by the Government.
Qualification
Required
Active TS/SCI clearance
10+ years of proven experience as a Security Engineer with supervisory/leadership abilities to oversee large teams responsible for planning, analyzing, implementing, and maintaining many different projects
Experience assessing the security implementation of cloud and hybrid environments, including pipelines, applications, and services
10+ years of experience with Reverse Engineering, Computer Forensics, Adversarial Emulations, Incident Response, Vulnerability Assessment and Management, Risk and Threat Mitigation, and Penetration Testing
10+ years of technical experience using concepts such as SaaS, PaaS, and IaaS
10+ years of experience working with AWS, Kubernetes, Docker, Linux, and Windows
Company
cFocus Software Incorporated
cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.