NASA IV&V Vulnerability Assessor - Military veterans preferred

2019-06-12
SAIC (www.saic.com)
Other

/yr

  full-time   employee


Fairmont
West Virginia
26554
United States

Description


SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.

 

The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas. 

 

Responsible for the evaluation of networks and systems to identify vulnerabilities with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize the knowledge of common ports, protocols and services (PPS), knowledge of system administration, operating systems and creativity skills. It is an opportunity for a team player to enhance a world-class team and learn new skills.

 

  • Conduct host/network/application vulnerability and compliance assessments as a member of a technical team

  • Assess networks and systems for compliance with NIST, local policies and other DOD and commercial publications

  • Configure, execute, validate and contextualize the output of vulnerability discovery tools such as Nmap, Nessus, Nexpose and SCAP

  • Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)

  • Research and formulate recommendations for vulnerabilities

  • Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.

  • Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws

  • Develop proof-of-concept examples and scenarios for reports and live demonstrations

  • Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members

  • Ability to develop presentations and reports, document findings accurately; attention to detail is a vital skill

  • Excellent communication and interpersonal skills; ability to convey findings in a tactful manner with the technical proficiency level appropriate to the skills and/or understanding of the audience.

  • Willingness to take experience as a vulnerability assessor to the next level and learn and potentially become a penetration tester

  • Critical thinking skills are a must

 

 

 

Qualifications


Qualifications

  • 2 years hands-on experience as a vulnerability assessor or junior penetration tester; ICS/SCADA and Cloud Computing are a plus

  • Minimum of SECRET clearance with the ability to be cleared up to TS/SCI

  • Bachelor’s degree in Engineering, Applied Science or similar technical discipline OR 4 additional years equivalent combination of education, training, and experience

  • Must have a thorough knowledge beyond common network ports and protocols

 

         

 


Desired Qualifications

 

GPEN certification is a plus