The Sr. Cyber Analyst will assist in the evaluation of system operational design, system integration, and hardware configurations in accordance with applicable IC, DoN and DoD standards and policies. The candidate will provide Information Assurance (lA) services, supporting Assessment and Authorization (A amp;A), software analysis, software developer/coder, vulnerability assessment, software reverse engineering, and penetration testing.
The candidate will provide technical services and perform analysis, planning support and project management for a small team of onsite engineers and technicians. Additionally, this individual will act as a “Site Lead” over 4 other technical people. The Senior Cyber Analyst /Penetration Tester shall communicate on a daily basis with the Government technical POC and/or COR regarding any issues that have arisen that have the potential to affect agreed upon delivery or accomplishment dates.
Roles and Responsibilities:
The Sr. Cyber Analyst (Penetration Tester) will provide engineering, test and analysis services in support of software penetration testing in web, mobile, external, internal and wireless networks.
The candidate will provide the following penetration testing services:
Perform reconnaissance amp; identify assets that might be a target for exploitationUtilize scanning tools to identify vulnerable assetsGain access via networks, operating systems or one (or more) applicationsIdentify tools that permit the attacker to return undetectedIdentify activities undertaken by an attacker to hide (mask) the activities associated with the compromise
Perform Technical liaison on-site to ensure the Contracting Officer's Representative (COR) is informed regarding progress/ potential areas of concern.
Provide a Task Order Monthly Report (CDRL A001) including status of Milestones and identifying problems/deficiencies. The contractor shall attend and provide Program Review documentation.
Review and provide Technical Reports
Basic Qualifications (minimum qualifications an applicant must meet in order to be considered for this role) - Active Top Secret clearance with SCI eligibility, and be able to obtain and maintain a TS/SCI Security Clearance. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
BA/BS and 11+ years of prior relevant experience or MA/MS with 9+ years or prior relevant experience.
5+ years of demonstrated experience in engineering, test and analysis services in support of software penetration testing in web, mobile, external, internal and wireless networks.
Penetration testing experience to include:
*perform reconnaissance amp; identify assets that may be a target for exploitation*utilize scanning tools to identify vulnerable assets*gain access via networks, operating systems or one (or more) applications*identify tools that permit the attacker to return undetected*identify activities undertaken by an attacker to mask activities associated with the compromise
2+ years of experience supervising or leading teams or projects.
Familiarity with vulnerability management and penetration testing tools (e.g., NMAP, Nessus, Burp, ZAP, Nexpose, etc.), operating system internal functions, reading/writing assembly language (e.g. x86, x64, ARM, PPC, etc.), exploit mitigations (e.g., DEP and ASLR), network protocols (e.g., TCP/IP network stack layers and physical network), cryptography (MDx, SHA, DES, AES, etc.) and developing/breaking embedded systems
Ability to present/defend positions and build consensus with technical/non-technical personnel across different agencies/organizations
Preferred Qualifications:Candidates with these desired skills will be given preferential consideration
Ability to effectively present technical information to reviewers in oral and written formats.
Current DoDD 8570.01-M, IAT-III or IAM-II IA Baseline Certification, such as CISSP or CASP and/or DoDD 8570.01-M, CNDSP Analyst IA Baseline Certification, such as CEH, GCIA, or GCIH.
Familiarity with the JAFAN 6/0, Special Access Program Security Manual; SCI Administrative Security Manual (DoD Manual 5105.21); Intelligence Community Directives (ICD); DoD SAP Security Manual (DoD Manual 5205.07) Volumes 1-4; and any subsequent Implementation Guides.
Experience working independently to achieve day-to-day objectives with significant impact on operational results or project deliverables. Responsible for entire projects or processes within a technical area.
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems Global Solutions business (IS GS). For more information, visit www.Leidos.com. The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an Equal Opportunity Employer.