Sr. Cybersecurity Analyst
Washington, DC | Contract to Hire
Senior Cybersecurity Vulnerability Specialist
The Senior Cybersecurity Vulnerability Specialist will use web security inspection tools to perform security testing of production web application servers. The chosen candidate will run web-based vulnerability testing tools against production systems that are being upgraded or coming online. Once the tools have been run, the candidate will analyze the results, write reports based on the findings, and follow up with system owners about the results of the tests.
Specifically, the candidate will:
- Perform security testing activities that include vulnerability discovery and risk analysis, which includes recommendations for risk mitigation.
- Perform security testing of IT assets that are in a pre-production or pre-deployment capacity, such as web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, and common application platforms.
- Conduct kickoff meetings and exit briefings.
- Meet with business owners to respond to ad-hoc questions, test findings, or other IT security related concerns.
- Prepare technical responses to security questions.
- Develop content for security articles, Electronic Learning Modules, IT Security Resource Packets, Configuration Guides, and IT brochures.
- Actively participate in team activities, to include recurring team meetings and process improvement discussions.
- Develop and present vulnerability and security testing demonstrations for business owners and team members.
Required qualifications:
- Bachelor's Degree and 6 years of IT experience (or High School Diploma and 12 years of IT experience).
- At least 6 years of experience in cybersecurity management, operational, and/or technical activities.
- At least 4 years of experience with the National Institute of Standards and Technology (NIST) cybersecurity standards and best practices.
- Candidates should understand how the testing directly correlates to the Federal Risk Management Framework (RMF) or the Judiciary Information Security Framework (JISF).
- Candidates must be able to interpret testing results/categories back to the NIST/RMF framework and provide a non-technical brief to system owners.
- At least 2 years conducting IT security testing in a business environment.
- Understanding of IT security testing and appropriate tools.
- Knowledge of potential vulnerabilities and threats to existing web applications, databases, and operating system technologies.
- Knowledge of cybersecurity standards, including the Open Web Application Security Project (OWASP) Application Security Verification Standard, and of security testing tools such as Core Impact, Qualys Guard, Nessus, Metasploit, AppDetective, AppScan, Burp Suite, HP WebInspect, Kali [BackTrack], and Nmap.
- Capable of performing security testing of Judiciary IT assets, gathering and aggregating testing data for trend analysis, developing and maintaining documentation to support the testing process, and actively working to ensure the testing process matures in-line with industry and Judiciary requirements and expectations.
- Attention to detail.
- Possess one of the following industry-recognized cybersecurity certifications:
  - GIAC Certified Incident Handler (GCIH)
  - Offensive Security Certified Professional (OSCP)
  - GIAC Penetration Tester (GPEN)
  - GIAC Web Application Penetration Tester (GWAPT)
  - Offensive Security Web Expert (OSWE)
  - Certified Ethical Hacker (CEH)
Preferred Undergraduate/Graduate Education:
- Attending/attended a cybersecurity program at a college/university.