Job Description

Type of Requisition: Regular Clearance Level Must Currently Possess: Secret Clearance Level Must Be Able to Obtain: Secret Public Trust/Other Required: None Job Family: Information Security Job Qualifications: Skills: Linux, Nessus Vulnerability Scanner, Scripting, Vulnerability Scanning Certifications: None Experience: 4 + years of related experience US Citizenship Required: Yes Job Description: Seize your opportunity to make a personal impact as a Network Vulnerability Analyst supporting the Research, Development, Test, and Evaluation (RDT&E) at the Naval Information Warfare Center in San Diego, CA. At GDIT, people are our differentiator. As a Network Vulnerability Analyst , you will help ensure today is safe and tomorrow is smarter. Our work depends on a Network Vulnerability Analyst joining our team to work with a variety of subject matter experts covering the full breadth of cybersecurity and learn from their expertise. HOW OUR NETWORK VULNERABILITY ANALYST WILL MAKE AN IMPACT: Perform penetration testing against a variety of applications using customer-provided tools Perform proof of concept on new exploits to determine if supported networks are vulnerable Ensure signature-based scanning tools are operational Draft and review Standard Operation Procedures and Proofs of Concept Prepare and assist with Command Cyber Readiness Inspections WHAT YOU NEED TO SUCCEED (Required): Security Clearance Requirements: Active Secret clearance. Required Experience: 4 years of experience Experience with vulnerability and configuration compliance scans using automated tools including ACAS, SCAP Compliance Checker, and McAfee Policy Auditor. Experience with penetration testing that identifies weaknesses in web applications, supporting infrastructure, and endpoints. Knowledge of security testing environments and tools, including Kali, Metasploit, Burp Suite, Wireshark, and Fiddler. Experience enumerating vulnerabilities and performing exploits on the vulnerabilities, including remote code execution, privilege escalation, XML external entity, Cross Site Scripting (XSS), SQL injection, man-in-the-middle, session hijacking, and Cross-Site Request Forgery. Experience with operating and maintaining a passive vulnerability/network vulnerability monitoring capability using Nessus Network Monitor or similar tools for gathering and analysis of packet capture, session data, transaction data, alert data, and event correlation. Experience assisting administrators of vulnerable systems to test and implement patches, hot fixes, and countermeasures to mitigate findings. Familiarity with collaborating with infrastructure teams to drive remediation of reported vulnerabilities through risk/threat-based assessment of security controls and tools. Knowledge of DoD IAVM: deadlines, announcements, assess applicability, and plan responses. Familiarity with researching and documenting remediation strategies for vulnerabilities, and building custom reports for data calls. Experience articulating risk and business impact to stakeholders, including applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE), and Open Web Application Security Project (OWASP) processes and remediation recommendations. Experience analyzing vulnerabilities, implementing controls to prevent vulnerabilities, and establishing infrastructure to support detecting and containing vulnerabilities. Knowledge of tools such as the Elastic Stack, SQL, stream editors, spreadsheet pivot tables, LDAP queries, Unix/Linux CLI, Nmap, tcpdump, Wireshark, shell scripting, and Puppet. Ability to maintain and utilize Blue Team tools. Knowledge of current vulnerability trends and developing technologies, prioritizing remediation efforts, and recommending best practices to improve the overall security posture of the network. Experience with DoD STIGs. Scripting experience (PowerShell, BASH, or Python preferred). Experience with virtual machines (vSphere, Virtual Box, KVM, QEMU). Verbal and written communication skills. Required Certification: CompTIA Security+ CE Required Training: Microsoft Azure 801 and Linux + training certificates Education: Bachelor’s Degree in Computer Science, Information Systems, Engineering or other related scientific or technical discipline from accredited College/University Location: Onsite in San Diego, CA. US Citizenship Required. WHAT WE'D LOVE FOR YOU TO HAVE (Preferred): Knowledge of Burp Suite security tools Experience with Kali Linux tools such as nMAP, TCPDump, WireShark Knowledge of web development and HTML structure Working knowledge of OSI network model and network traffic flow Working knowledge of Windows Server core elements (Domain Controller, Active Directory, Registry, GPO creation, DISM, SCCM) Medium to Advance knowledge of network configuration for switches and routers Basic understanding of vulnerability research and exploitation Basic knowledge of physical security Basic knowledge of hardware exploitation Basic knowledge of Cloud core elements Penetration testing experience

GDIT IS YOUR PLACE:

401K with company match Comprehensive health and wellness packages Internal mobility team dedicated to helping you own your career Professional growth opportunities including paid education and certifications Cutting-edge technology you can learn from Rest and recharge with paid vacation and holidays The likely salary range for this position is $102,000 - $138,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: None Telecommuting Options: Onsite Work Location: USA CA San Diego Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation’s most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans #J-18808-Ljbffr General Dynamics Information Technology

Job Tags

Holiday work, Temporary work, Work experience placement, Immediate start, Remote job, Worldwide, Flexible hours,

Similar Jobs