SENIOR CYBER SECURITY ANALYST - PENETRATION TESTER WITH SECURITY CLEARANCE

Overview The Senior Cyber Security Analyst provides cyber security support for the Enterprise Information Services for the Department of Energy (DOE) Savannah River Operations Office (DOE-SR), at the Savannah River Site (SRS) in Aiken, SC . This position assist with the design and implementation of IT Security Systems to protect the organization's Information Systems and is responsible for performing vulnerability management, penetration testing, and analysis to reduce the DOE-SR attack surface from cyberattacks. Analyst is responsible for conducting Risk Assessments and participating in and support Security Assessments and Audits. Responsibilities * Perform penetration testing including system or application vulnerability discovery, research, exploitation, reporting and validation according to the established rules of engagement. * Support Assessment & Authorization activities as the Trusted Agent * Maintains awareness of current cyber security information and events. * Supports security activities within SDLC in accordance with DOE CSP and Risk Management Framework * Supports DOE Oversight penetration testing and vulnerability assessment functions of site tenant systems and cyber security activities. * Assist forensic analysis and incident response activities. * Performs other duties as assigned by Program Manager or DOE Counterpart. * Perform wireless detection to include unauthorized wi-fi access points or Bluetooth * Attend meetings, trainings and conferences * Assist with the development and performance of Cyber Security Awareness training * As required, document the risk validation and results of self-assessments of assigned boundaries. * Develop outcome-based measures (metrics) to determine the effectiveness and efficiency of the cyber security program and security controls * Perform Security Configuration Management support for DOE-SR to include research and development of applicable baselines, configuration scanning, and notification to owner and personnel accountable, tracking remediation, reporting and validation. Qualifications * Attention-to-detail is critical, proven ability to look closely at your work to identify and correct errors, spot and improve weaknesses and produce a near-perfect end-result. * Ability to identify problems, brainstorm and analyze answers, and implement the best solutions. * Strong written and verbal communications skills. * Ability to develop and review security related procedures or processes and reports. * Familiarity with applicable regulations affecting Cyber Security NIST 800 Series Standards * Background in vulnerability assessments, penetration testing, or red team operations Clearance: * Must possess (or be able to obtain) a Q level security clearance Education: * A bachelor's degree in information technology systems, computer science, or related field and experience in information technology systems or related area. Relevant experience may be substituted for education on a year-for-year basis. Experience: * 7+ years in IT security or related field. Certification: * Professional certification required: One or more required certifications within 6 months of hire. * Required certifications: * Offensive Security Certified Professional (OSCP) * GIAC Certified Penetration Tester (GPEN) * GIAC Web Application Penetration Tester (GWAPT) * Highly desired certifications: * Certified Information System Security Professional (CISSP) * Offensive Security Certified Penetration Expert (OSCE) * Other IAT/IAM Level I, II & III Certifications will be beneficial. AAP/EEO Statement: DNI complies with all federal, state and local laws designed to protect employees and job applicants from discrimination based on race, religion, color, sex, parental status, national origin, age, disability, genetic information, military service, or other non-merit-based factors. Other Duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.