207 Business Park Dr., Ste. 100
VA Beach, VA 23462
Technical Cybersecurity Assessor - Windows
Employee Type: Full-Time
Location: Suffolk, VA
Job Type: IT Specialist
Experience: 3+ Years
Clearance: Top Secret / SCI Eligible
AERMOR LLC is seeking qualified candidates to provide technical and analytical support for FCC OCA in support of all OCA inspections. Candidates shall perform a wide variety of technical support services and functions required to meet the mission of FCC OCA to enhance overall DoDIN-N readiness and security.
- Identifying critical flaws in applications and systems that cyber attackers could exploit
- Conducting vulnerability assessments for networks, applications, and operating systems
- Conducting network security audits and scanning on a predetermined basis using automated tools (e.g. Security Content Automation Protocol (SCAP)) to pinpoint vulnerabilities and reduce time-consuming tasks
- Experienced with performing manual testing methods and procedures using STIGs, SRGs, and checklists
- Using automated or manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives
- Validating report findings to reduce false positives
- Compiling and tracking vulnerabilities for metrics purposes
- Writing and presenting a comprehensive Vulnerability Assessment report
- Reviewing and defining requirements for information security solutions
- Adhere to established Navy / DoD policies and procedures
- Travel to commands/sites and/or remotely perform technical duties such as running vulnerability scans, reviewing command documentation/policies, uploading inspection results into data repositories and portals, providing a summary of inspection findings, conducting root cause analysis, providing mitigation recommendations, and other tasks necessary to complete a cybersecurity assessment/inspection. Travel is required unless an approved remote inspection plan is authorized by the Government.
- Notify Government CE/VE Lead of pending issues affecting the completion or outcome of a cybersecurity inspection/assessment.
- Develop and provide inspection finding summary/detail information, finding impact information to include operational impact, finding analysis information, and other related inspection deliverables as identified by the government.
- Provide guidance/coaching to inspection site personnel as well as internally to other OCA personnel to increase awareness and understanding of inspection technical areas.
- Assist in researching trend data for vulnerabilities associated with individual technology areas to support cybersecurity inspections.
- Detail all findings in a written report while providing recommendations to mitigate prioritizing by risk using industry standards and best practices.
- Submit lessons learned if applicable to the inspection within a specified timeframe in accordance with the CCORI process.
Required Skills and Experience:
- Minimum of three (3) years’ experience in DoD Network Operations or IA operations.
- Have experience, knowledge, and in-depth skill in applying: analytical methods and skills used to evaluate, implement and disseminate IT/cybersecurity concepts, tools and procedures; network operations and protocols; operating system and technology areas, mission analysis, and decomposition processes, and cybersecurity risk management.
- Knowledge of and skill applying: DoD laws, regulations, policies, and ethics as they relate to information assurance/cybersecurity principles and practices. Knowledge of IT security technical and behavioral methods to protect information systems, prevent vulnerabilities, provide mitigation strategies to minimize vulnerability impacts, and restore confidentiality, integrity, availability, and authentication.
- Proficient knowledge for identification of cyber threats, vulnerabilities, lapses, compromises, and impact that affect the functionality of the system and operational mission through a network the network. Knowledge of common network, operating systems, cross-domain services, and partner technologies. Have at least one primary technical focus area and proficient knowledge of one or more secondary focus areas.
- Assessors shall be subject matter experts in their specific field of work and associated DoD Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) used to evaluate cyber hardening and compliance of DoD networks and systems.
- Windows (OS, DNS, WEB, Exchange, Database, Mobility, and REL):
- Perform OS, DNS, WEB (IIS and/or Apache), SQL Database, Mobility, and REL security assessments
- Use manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives
- Manually validate report findings to reduce false positives
- Write and present a comprehensive Vulnerability Assessment report
- Review and define requirements for information security solutions
- Supply training for systems administrators in the form or recommendations for properly applying required baseline settings and hardening guidance
- Generate reports to capture the findings
- Be well versed in all stages of the software development lifecycle
- Experience in Windows Servers, desktops, etc. for WIN2K flavors
- Experience or knowledge in scripting for Windows (PowerShell, Batch Scripts, etc.)
- Experience or knowledge in deploying Windows OS and applications (IIS, Microsoft SQL, etc.)
- Experience or knowledge in SSL Certificates
- Experience or knowledge in Active Directory/Domains
- Experience or knowledge in SQL databases from design models and building physical environments
- Experience or knowledge in Mobility (e.g., Samsung, Apple, etc.)
- DoD 8570.01-M IAT Level II
- JFHQ-DODIN RCP Certified
- Education: Associate’s degree in a related field, or equivalent education, experience, and related training
For more information contact: firstname.lastname@example.org