** Bonus (Hiring/Relocation) available for Qualified Candidates with Active TS/SCI clearances **
** This position is located in San Diego, CA **
Develop detailed offensive and defensive security plans and execute plans after their approval.
Analyze risks and provide digital security infrastructure assessments, completed with testing & audits.
Design, test, and implement secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
Conduct risk and offensive vulnerability assessments at network, system and application levels.
Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.
Assists in the implementation of the required government policy (i.e., NISPOM, ICD 503, and makes recommendations on process tailoring.
Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.
Required Skills and Certifications:
Ability to work with and build relationships with a variety of stakeholders; government technical representatives, and other supporting contractors; excellent written and oral communications; ability to work independently or in a team collaborative environment; ability to brief senior government personnel; has a solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems
Possess Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester (OPST), OSSTMM Professional Security Expert (OPSE) and/or equivalent certification
Certified in one or more of CISSP, CISM, or CISA, and Security , Network .
Ability to develop Penetration Test Plans that exercises holistically the security postures of hardware and software components of networks, operating systems, web sites and applications
Deploys, maintains, and troubleshoots security testing tools, as required
Maintains proficiency in network, web, operating system and application penetration testing
Performs and documents remediation planning (Must meet the minimum penetration testing standards and proficiency necessary for applicable security controls outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53).
Experienced in tracking and reporting Development and Integrator Teams' implementation of product security requirements throughout software development lifecycle, including post-production and distribution
Documents efforts using Word, Excel and Visio.
Desired Skills and Certifications:
Working experience with Assured Compliance Assessment Solution (ACAS) scan analysis, Security Technical Implementation Guide (STIG) Checklists, Security Content Automation Protocol (SCAP) Compliance Checker (SCC) benchmarks, Vulnerator, XACTA, and McAfee ePolicy Orchestrator (ePO) and Host-Based Security System (HBSS)
Experience with policy implementation that includes NIST, Department of Defense (DoD), Department of Homeland Security (DHS), Department of the Navy (DON), Federal Information Security Management Act (FISMA), Office of Manpower and Budget (OMB), Federal Information Processing Standards (FIPS), and/or Committee of National Security Systems (CNSS).
Past performance with hard disk and memory forensics