Analyze organization's cyber policies and configurations and evaluate compliance with regulations and organizational directives.
Conduct and/or support authorized penetration testing on enterprise network assets.
Maintain deployable cyber audit toolkit (e.g., specialized cyber software and hardware) to support cyber audit missions.
Maintain knowledge of applicable cyber policies, regulations, and compliance documents specifically related to cyber auditing.
Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)
Top Skills:
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Skill in the use of penetration testing tools and techniques.
Skill to apply cyber security and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Requirement:
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Skill in assessing the robustness of security systems and designs.
Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
Skill in mimicking threat behaviors.
Skill in the use of penetration testing tools and techniques.
Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
Skill in reviewing logs to identify evidence of past intrusions.
Skill in conducting application vulnerability assessments.
Skill in performing impact/risk assessments.
Skill to develop insights about the context of an organization's threat environment.
Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Education: Bachelors degree in cybersecutiy or IT related field
Abilities:
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Ability to apply programming language structures (e.g., source code review) and logic.
Ability to share meaningful insights about the context of an organization's threat environment that improves its risk management posture.
Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Conduct and/or support authorized penetration testing on enterprise network assets.
Maintain deployable cyber audit toolkit (e.g., specialized cyber software and hardware) to support cyber audit missions.
Maintain knowledge of applicable cyber policies, regulations, and compliance documents specifically related to cyber auditing.
Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)
Top Skills:
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Skill in the use of penetration testing tools and techniques.
Skill to apply cyber security and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Requirement:
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Skill in assessing the robustness of security systems and designs.
Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
Skill in mimicking threat behaviors.
Skill in the use of penetration testing tools and techniques.
Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
Skill in reviewing logs to identify evidence of past intrusions.
Skill in conducting application vulnerability assessments.
Skill in performing impact/risk assessments.
Skill to develop insights about the context of an organization's threat environment.
Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Education: Bachelors degree in cybersecutiy or IT related field
Abilities:
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Ability to apply programming language structures (e.g., source code review) and logic.
Ability to share meaningful insights about the context of an organization's threat environment that improves its risk management posture.
Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).