Key skills
ApacheCyber SecurityDNSOracleSQLUnixVoIPSQL ServerCommunicationPenetration TestingFirewall
About this role
Role Overview
- Independently perform complex security analyses of classified and unclassified applications, systems, and enclaves to verify compliance with security requirements.
- Conduct Command Cyber Readiness Inspections (CCRI) and comprehensive cybersecurity vulnerability evaluations.
- Apply a broad set of security techniques, technologies, and tools to assess security posture in highly complex computer systems and networks.
- Perform vulnerability and risk analyses and participate in computer security penetration studies to identify and remediate security gaps.
- Analyze and define security requirements for computer and networking systems, including mainframes, workstations, and personal computers; recommend practical solutions to meet security requirements.
- Gather, organize, and interpret technical information about an organization’s mission goals and needs; translate findings into actionable security improvements.
- Provide enterprise-wide technical analysis and direction for problem definition, analysis, and remediation of complex systems and enclaves.
- Deliver actionable recommendations and advice to client executive management on system improvements, optimization, and ongoing maintenance across areas, including:
- Information Systems Architecture
- Automation, Telecommunications, and Networking
- Communication Protocols
- Application Software
- Electronic Email, VOIP, and Video Teleconferencing (VTC)
- Demonstrate competence across all phases of information systems auditing, from planning and scoping to evidence collection, testing, reporting, and follow-up.
- Prepare clear, concise audit reports and executive summaries with prioritized remediation plans and realistic timelines.
- Collaborate with cross-functional teams (IT, security, operations, and management) to implement and validate corrective actions.
- Stay current with evolving cybersecurity threats, controls, standards, and regulatory requirements to maintain audit readiness.
Requirements
- Seven years of IT experience.
- Five years of IA (Information Assurance) experience.
- Strong analytical and problem-solving skills for resolving security issues.
- Strong skills in implementing and configuring networks and network components.
- Demonstrated proficiency in performing CCRI, vulnerability assessments, and penetration testing on networks, databases, computer applications, and IT frameworks.
- Command Cyber Readiness Inspection (CCRI) experience in at least one of the following areas:
- Nessus scan analysis
- Operating Systems (Windows, Unix)
- Boundary defense (network policy, router, firewall)
- Internal defense (L2/L3 switches)
- DNS policy and DNS servers (BIND/Windows)
- HBSS (remote console, AV, ABM, PA, HIPS, ePO)
- Traditional security (Common, Basic, NCV, SCV)
- Wireless communications (BES, handhelds)
- Tenable Certified Nessus Auditor
- Knowledge and understanding of DoD security regulations and DISA Security Technical Implementation Guides (STIGs)
- Understanding of SCAP (Security Content Automation Protocol)
- Familiarity with and proficiency in:
- Vulnerability assessment tools (e.g., VULNERATOR, Nessus, SCCM)
- USCYBERCOM CTO Compliance Program
- Wireless vulnerability assessment
- Web services (IIS, Apache, Proxy)
- Databases (SQL Server, Oracle)
- Email services (Exchange)
- Vulnerability scans (NESSUS, SCCM)
- Phishing exercises
- Container image scans
- USB security detection
- Physical security considerations
- Familiarity with the AUTOCHECKLIST Tool (for audit checklists and evidence collection)
Tech Stack
- Apache
- Cyber Security
- DNS
- Oracle
- SQL
- Unix
- VoIP
Benefits
- Potential for Telework: offsite work granted in advance in writing by the COR