Penetration Tester/Vulnerability Specialist (L3) - Military veterans preferred

2021-06-13
ManTech (www.mantech.com)
Other

/yr

  full-time   contract


Hanover
Maryland
21076
United States

Secure our Nation, Ignite your Future

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first.  At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career and customer-oriented Penetration Testing/Vulnerability Specialist Skill Level 3 to join our team at NSAW. 

Responsibilities include, but are not limited to:
•    Perform assessments of systems and networks to determine the effectiveness of defense-in-depth architecture against known vulnerabilities based on DoD and IC policies, as well as industry best practices 
•    Review and evaluate vulnerability scans, reports, or other IT/IS artifacts to identify systemic security issues and areas of weakness within a given DoD enclave, system, or enterprise
•    Work with stakeholders and system security engineers to effectively communicate the risks of identified vulnerabilities
•    Assist with remediation solutions of identified security vulnerabilities based on DoD, IC, and Federal policies, standards, and industry best practices. Identifies vulnerabilities of and attacks to the design and operation of a system (WW, S/W, ICS/SCADA, JOT, personnel, procedures, logistics, and physical security) by relating vulnerabilities and attacks to effects on operations and missions supported by those systems
•    Compare and contrast various system attack techniques and develops operationally effective countermeasures
•    Produce formal and informal reports, briefings, and perspectives of actual and potential attacks against the systems or missions being studied
•    Analyze organization's cyber defense policies and configurations and evaluate compliance with DoD regulations and organizational directives
•    Perform information system security vulnerability scanning to discover and analyze vulnerabilities to support the characterization of risks to networks, operating systems, applications, databases, and other information system components
•    Perform analysis on SCADA and Control Systems devises
•    Perform malicious code analysis
•    Perform analysis on network security devices 0 Conduct reverse engineering
•    Conduct network operating systems and network data/traffic analysis 0 Evaluate compliance scans and reports to analyze configurations
•    Facilitate audit reviews of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
•    Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)
•    Share meaningful insight about the context of an organization's threat environment that improve its risk management posture
•    Engage with stakeholders to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
•    Communicate, both verbally and 'Written, security and compliance issues in an effective and appropriate manner
•    Recommend appropriate remedial actions to mitigate risks and ensure information systems employ the appropriate level of information security controls
•    Validate remedial actions and ensure compliance with information security policy and regulatory requirements
•    Maintain proficiency in threat and vulnerability management best practices
•    Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions

Basic Qualifications:
•    Bachelor’s degree and 10 years of vulnerability assessment experience or no degree and 14 years of experience
•    Meet the requirements for DoD 8570-M ISASE Level 2 certification 
•    At least one of the following certifications:
o    IACRB Certified Expert Penetration Tester 
o    Offensive Security Certified Professional
o    Offensive Security Certified Expert
•    Have experience with Infrastructure Control Systems/Supervisory Control and Data Acquisition/Internet of Things (ICS/SCADA/IOT) devices and software

Preferred Qualifications: None

Security Clearance Requirements:
•    TS/SCI w/ FSP 

Physical Requirements:
•    Must be able to remain in a stationary position for extended periods of time
•    Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
•    Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer
•    The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.