Employee Type: Full-Time
Location: Norfolk, VA
Job Type: Senior Cyber Test Engineer
Experience: 5+ Years
Clearance Type: Secret (TS Eligible)
AERMOR is seeking qualified candidates with Cyber Test Engineer experience that will be able to work closely with other members of a test team.
- Observes and assesses fleet and combatant cyber exercises.
- Develop, maintain and assist in the execution of test plans.
- Conduct Cybersecurity architecture (SUT or SoS) review and document review.
- Participate in cross-functional team meetings, scoping, decision making and technical discussion.
- Interface with developers to obtain and clarify documentation.
- Review system diagrams, cybersecurity architecture, and other documentation analyze testability of requirements and identify the attack surface and attack vectors.
- Apply analytical and problem-solving skills to determine appropriate testing scenarios in alignment with mission as well as functional and technical specifications.
- Communicate with key stakeholders to ensure their requirements are met.
- Work closely with Program Office and development teams to stay current on system functionality.
- Review hardware and software capabilities and vulnerabilities as required to support testing.
- Conduct Cybersecurity test planning site surveys.
- Develop cybersecurity test designs to support Operational Test Directors.
- Identify representative exploitations to fully test the cybersecurity of any system under test.
- Coordinate with other program elements while conducting security testing.
Required Skills and Experience:
- Experience decomposing system diagrams, cybersecurity architecture, and other documentation to determine the potential attack surface and attack vectors.
- Experience with software and/or hardware testing.
- Demonstrated ability to organize, prioritize and self-manage multiple project tasks.
- Proficiency with computer hardware and software systems.
- Knowledge of Microsoft and Linux operating systems and embedded and Real-Time Operating Systems.
- Ability to articulate open issues and risks in a timely manner to management and make recommendations.
- Must be a self-starter with the ability to pick up and learn new systems and architectures with little supervision, as well as adapt to a variety of situations and tasks.
- Excellent written and verbal communication skills.
- Identify insider and nearside threat opportunities and mitigations as well as physical security controls.
- Familiarity with computer security measures.
- Experience with test automation.
- Experience with Defense Information Systems Agency (DISA) Security Implementation Guides (STIGs) and security controls.
- Knowledge of Cyber test tools (e.g. Retina, SCAP, ACAS, Nessus, Metasploit, Burp, Nessus, Kali Linux Tool Suite, Core Impact, Burp Suite, IDA Pro, OllyDbg/WinDbg, Nmap, John the Ripper, Cain, Nikto, and packet analysis tools (Wireshark/TCPDump)).
- Familiar with the Risk Management Framework.
- Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.
- Knowledge of data at rest and data in motion principles.
- Knowledge of network defense systems including but not limited to network and host-based IDS, IPS, firewall, web application firewall, proxy and SIEM systems.
- Understanding of SCADA systems and protocols.
- Knowledge of current security tools and industry best practices: tools, techniques, procedures, tactics, attacks and forensics.
- Understanding of storage and databases, including relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
- Experience with system administration, networking, Computer Network Attack (CNA), Computer Network Exploitation (CNE), Computer Network Defense (CND), and/or penetration testing.
- Understand fundamentals of how to exploit vulnerabilities in tested systems including (but not limited to): system misconfigurations, zero-day vulnerabilities, Denial of Service (DoS) or Distributed Denial of Service (DDoS) vulnerabilities, privilege escalation, unsupported or unpatched software, and phishing attacks.
- Knowledge of DoD/Navy networks and communications.
- Experience with TCP/IP, VLANs, Cyber vulnerability remediation, and Cyber risk analysis.
- Familiarity with the DISA Enterprise Mission Assurance Support Service (eMASS) application as used to develop, manage and track IA artifacts.
- Familiarity with Information Assurance Vulnerability Management (IAVM) Plan.
- Knowledge of scripting and its uses in Cyber testing.
- Experience translating requirements and capabilities into operational test plans.
- Knowledge and experience with Virtual Machines.
- Knowledge and understanding of system BIOS settings.
- 4 Year Degree in one of the following: Computer Science, Computer/Electrical engineering, Systems Engineering (technical), Aeronautical engineering OR
- Minimum 2 years of DoD cybersecurity experience AND Minimum 2 years’ experience in one of the following: Network engineering, Programming (C/C++, python, Bash, etc.), Systems test engineering, Project management, Penetration testing
- DoDD 8570 IAM/IAT II certification or ability to obtain
For more information contact: email@example.com
Cyber Test Engineer
207 Business Park Dr., Ste. 100
VA Beach, VA 23462