Vulnerability Assessment and Management SME

Location: Ability to perform in various geographic locations or onsite as neededJob Category: Information TechnologyTime Type: Full timeMinimum Clearance Required to Start: TS/SCI clearance requiredEmployee Type: W2 or 1099Citizenship: US Citizen (non-dual citizenship)NexThreat is looking for a Vulnerability Assessment and Management SME to perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measure the effectiveness of defense-in-depth architecture against known vulnerabilities.Specific responsibilities:• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.• Maintain a deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.• Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).Qualifications:• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data and ability to apply programming language structures (e.g., source code review) and logic.• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).• Knowledge of computer networking concepts and protocols, and network security methodologies, risk management processes (e.g., methods for assessing and mitigating risk), cybersecurity and privacy principles.• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).• Experience conducting security risk assessments.Education:• A bachelor’s degree plus 11 years of relevant experience, or a master’s degree plus 9 years of relevant experience, or a Doctoral degree and 7 years of relevant experience. The following may also be considered for individuals with in-depth experience that is clearly related to the position: an associate degree plus 13 years of relevant experience.• Degree must be in Network Engineering, Systems Engineering, Information Technology or related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Computer Science, Computer Forensics, Cyber Security, Software Engineering, Information Assurance, or Computer Security).Desired Qualifications:• CEH Certified Ethical Hacker• CFR CyberSec First Responder• CySA CompTIA Cybersecurity Analyst• GCFA GIAC Certified Forensics Analysis• GCIH GIAC Certified Incident Handle• SCYBER Cisco Cybersecurity Specialty Certification• CNDSP Computer Network Defense Service Provider• CSSP-IR DoD Cyber Security Service Provider for Incident ResponderClearance Requirements: TS/SCI clearance is required.