SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.
The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas.
Responsible for the evaluation of networks and systems to identify vulnerabilities with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize the knowledge of common ports, protocols and services (PPS), knowledge of system administration, operating systems and creativity skills. It is an opportunity for a team player to enhance a world-class team and learn new skills.
Conduct host/network/application vulnerability and compliance assessments as a member of a technical team
Assess networks and systems for compliance with NIST, local policies and other DOD and commercial publications
Configure, execute, validate and contextualize the output of vulnerability discovery tools such as Nmap, Nessus, Nexpose and SCAP
Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
Research and formulate recommendations for vulnerabilities
Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
Develop proof-of-concept examples and scenarios for reports and live demonstrations
Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members
Ability to develop presentations and reports, document findings accurately; attention to detail is a vital skill
Excellent communication and interpersonal skills; ability to convey findings in a tactful manner with the technical proficiency level appropriate to the skills and/or understanding of the audience.
Willingness to take experience as a vulnerability assessor to the next level and learn and potentially become a penetration tester
Critical thinking skills are a must
2 years hands-on experience as a vulnerability assessor or junior penetration tester; ICS/SCADA and Cloud Computing are a plus
Minimum of SECRET clearance with the ability to be cleared up to TS/SCI
Bachelor’s degree in Engineering, Applied Science or similar technical discipline OR 4 additional years equivalent combination of education, training, and experience
Must have a thorough knowledge beyond common network ports and protocols
GPEN certification is a plus