Apply on Employer Site

USAJOBS · 1 month ago

Cybersecurity Testing and Evaluation Specialist - Entry to Mid Level (Maryland)

Fort Meade, Maryland, USA

Full-time

Onsite

New Grad, Entry, Mid Level

$86K/yr - $152K/yr

0+ years exp

USAJOBS is seeking a Cybersecurity Testing Specialist who will apply their expertise to perform formal assessments that mimic real-world attacks. The role involves identifying vulnerabilities in applications, systems, and networks, and influencing remediations through fact-based testing using cutting-edge methodologies.

ConsultingGovernmentHuman ResourcesInformation TechnologyInternetStaffing Agency

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conducting security controls testing of NSA systems to ensure controls are properly implemented by system owner(s)

Conducting testing against cloud fabrics, including various security configuration options of cloud services and a wide variety of different security configurations

Assessing the effectiveness of security solutions against cybersecurity frameworks (e.g. MITRE Attack Framework)

Operating within teams focused on implementing and evolving cybersecurity testing procedures and implementing automation to reduce testing time and improve consistent analysis

Operating within a cybersecurity team for each of the life cycle steps of the Federal Government's Risk Management Framework (RMF), as maintained by the National Institute of Standards and Technology (NIST 800-53)

Implementing automation across the cybersecurity testing processes

Qualification

Cloud Security KnowledgePenetration TestingMITRE Attack FrameworkVulnerability IdentificationNetwork ProgrammingShell ScriptingCritical ThinkingInterpersonal SkillsProblem SolvingCommunication Skills

Required

Degree must be in Computer Science (CS) or related field (e.g., Engineering, Mathematics)

Degrees in Information Technology, Information Systems, Information Security, Networking (Systems Administration), Information Assurance, and Cybersecurity may be considered relevant if the programs contain, at minimum, a concentration of courses in the following foundational CS areas: algorithms; computer architecture (not network architecture); programming methodologies and languages; data structures; logic and computation; and upper-level mathematics

Relevant experience must be in engineering of computer or information systems over their lifecycle (i.e., requirements analysis, design, development, implementation, testing, integration, deployment/installation, and maintenance), programming, vulnerability analysis, penetration testing, computer forensics, and/or systems engineering

Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course) will be considered towards the relevant experience requirement (i.e., 24-week JCAC course will count as 6 months of experience)

Entry is with a Bachelor's degree and no experience. An Associate's degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position

FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience or a Master's degree plus 1 year of relevant experience or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position

Preferred

Cyber planning, cybersecurity operations, mission management, vulnerabilities, troubleshoot, mitigations, network defense, requirements management, cyber security technical knowledge, strategy and process development, project management, program management, technical writing, finished SIGINT report evaluation, partnership and customer relations (i.e. DoD, USCYBERCOM, DISA, JTFHQ DoDIN, DIB partners), joint doctrine and military planning certifications and education, coordination, communication, strong interpersonal skills, problem identification and resolution

Cloud Security Knowledge for commercial cloud environments such as Amazon Web Services, Microsoft Azure, Oracle or Google cloud environments

Knowledge of or experience with penetration testing or ethical hacking methodologies

Knowledge of network attacks based on MITRE Attack Framework

Familiarity with exploitation techniques and frameworks (network firewalls, intrusion detection systems, networks)

Familiarity with various exploitation frameworks (e.g. Metasploit)

Understanding of shell scripting for the development of network attack tools and techniques (e.g. Python, Perl, or Ruby)

Knowledge of vulnerability identification, mitigations, and countermeasures

Understanding of network protocols

Knowledge of Windows / Linux network programming

Knowledge of network architecture, network and IT infrastructure devices, physical and virtual

Understanding of tools (nmap, nessus, dsniff, libnet, netcat, network sniffers) and techniques (e.g. fuzzing)

Understanding of threat modeling and development of test scenarios

Critical thinking and ability to break large complex problems into manageable parts

Experience and knowledge of computer security tools, vulnerability analysis, systems architecture, systems engineering, test and evaluation tradecraft, and software engineering is helpful

Working knowledge of automation tools and Linux is helpful

The ideal candidate is someone with a desire for experiential learning and strong problem-solving, analytic and interpersonal skills who is: willing to take the initiative, innovative, able to work effectively across several different functional areas in a collaborative environment, able to communicate effectively (both orally and written), well-organized and able to handle multiple assignments