NASA IV&V Vulnerability Researcher & Exploit Developer
- Military veterans preferred
2020-06-18 SAIC (www.saic.com)
Fairmont West Virginia United States
SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.
The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas. Responsibilities include simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize development/programming, live testing, system administration, reverse engineering, vulnerability assessments, system/network hardening, penetration testing and ultimately creativity skills. It is an opportunity for a team player to enhance a world-class team and learn/teach new skills.
conducting advanced host/network/application penetration testing as a member of a technical team on live/operational systems
reverse engineering and static/dynamic test of desktop/web applications to find security flaws like zero-day vulnerabilities
custom applications source code for security flaws and vulnerabilities
full-scope penetration test activities like zero-day discovery, exploit development and exploitation of vulnerabilities on operational network infrastructure devices, services, various operating systems and desktop/web
the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
of doing the necessary research and development to produce TTPs and products (e.g. exploits, applications, etc.) to achieve systems exploitation
able to review, modify and develop software programs or scripts in Assembly, other languages for systems/applications exploitation, data analysis, systems configuration and task automation
extensively from the Windows and UNIX/Linux command line (e.g. Bash and
to test, identify and exploit vulnerabilities in web applications without the use of scanning tools
in current information security threats, trends and vulnerabilities
and formulate recommendations for vulnerabilities
extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
proof-of-concept examples and scenarios for reports and live demonstrations
tactics, techniques and procedures (TTP) to train and expand/share knowledge with customers and other team members
Bachelor's and nine (9) years or more of cyber experience; Master's and seven (7) years or more of cyber experience; PhD or JD and four (4) years or more of cyber experience. In lieu of a degree, 13 years of IT experience with 9 years or more of cyber-related experience.
3+ years conducting advanced host/network/application penetration testing as a member of a technical team on live/operational systems (knowledge must be beyond Metasploit Frameworks and vulnerability scanning tools).
Ability to find/identify zero-day vulnerabilities through reverse engineering, source code review and dynamic/static testing.
Previous coding and development of exploits/proof of concepts (PoCs) as well
Current DoD SECRET clearance with the ability to be cleared up to TS/SCI