SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.
The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas.
Responsible for simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize development, system administration and creativity skills. It is an opportunity for a team player to enhance a world-class team and learn new skills.
Conduct host/network/application penetration testing as a member of a technical team
Perform full-scope penetration tests (discovery and exploitation of vulnerabilities) on network infrastructure, services, systems and desktop/web applications
Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
Review custom applications source code for security flaws and vulnerabilities
Possess ability to test, identify and exploit vulnerabilities in web applications without the use of scanning tools
Research and formulate recommendations for vulnerabilities
Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
Develop proof-of-concept examples and scenarios for reports and live demonstrations
Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members
Ability to develop presentations and reports, document findings accurately; attention to detail is a vital skill
Excellent communication and interpersonal skills; ability to convey findings in a tactful manner with the technical proficiency level appropriate to the skills and/or understanding of the audience.
Critical thinking skills are a must
Active DoD SECRET clearance is required with the ability to be cleared up to TS/SCI
3 years hands-on experience as a penetration tester; ICS/SCADA, Cloud Computing, reverse engineering and exploit development are a plus
Penetration Test experience and knowledge beyond Metasploit Frameworks and vulnerability scanning tools
Bachelors degree in Engineering, Applied Science or similar technical discipline is required
Must have a thorough knowledge beyond common network ports and protocols
TS/SCI Clearance is preferred
Penetration Test certifications like GXPN, OSCP, OSCE are a plus