
Vulnerability Assessment Analyst

Life Cycle Engineering
sick time, 401(k)
United States, Missouri, St. Louis
Jan 13, 2025
Vulnerability Assessment Analyst:

Position Summary:

As Vulnerability Assessment Analyst, you will perform assessments of systems and networks for the National Geospatial-Intelligence Agency (NGA) in St. Louis, MO. You will measure the effectiveness of defense-in-depth architecture against known vulnerabilities.

Clearance Requirement:


  • Must have an active DoD Top Secret/SCI security clearance


Essential Functions and Responsibilities:

  • Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  • Conduct and/or support authorized penetration testing on enterprise network assets.
  • Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
  • Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
  • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).



Required Education, Skills, and Experience:

  • 5 years of experience in cybersecurity
  • IAT Level 2 certification (Security+ or equivalent)
  • Must have Two (2) Penetration Testing Certifications (e.g., PenTest+, GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT)
  • Ability to conduct penetration tests
  • Ability to conduct vulnerability scans and knowledge of cyber threats and vulnerabilities.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of application vulnerabilities.
  • Knowledge of cryptography and cryptographic key management concepts
  • Knowledge of data backup and recovery.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Knowledge of programming language structures and logic.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of systems diagnostic tools and fault identification techniques.
  • Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
  • Knowledge of interpreted and compiled computer languages.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Knowledge of ethical hacking principles and techniques.
  • Knowledge of data backup and restoration concepts.
  • Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
  • Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
  • Knowledge of an organization's information classification program and procedures for information compromise.



Physical Demands and Expectations:

  • Regular physical activity to include walking, climbing stairs, bending, stooping, reaching, lifting (up to 15 pounds), and standing; occasional prolonged sitting
  • Ability to speak, read, hear and write, with or without assistance
  • Ability to use phone and computer systems, copier, fax and other office equipment



This position description represents a summary of the major components and requirements of the outlined job. Other duties and responsibilities may be assigned or required as business needs dictate. Questions regarding this description should immediately be addressed to the department manager or to Human Resources.
LIFE CYCLE ENGINEERING

Life Cycle Engineering (LCE) is a privately held, employee-owned company with an emphasis on "doing the right thing the right way", which applies to the way we treat our customers and employees. We are proud to have been recognized as a "Best Place to Work" for 17 years running! Learn more below and at www.lce.com.

Mission

Our mission is to enable people and organizations to achieve their full potential.

As a professional services organization, our mission is focused on our clients' people and organizations. It is our company's cornerstone belief that we will not lead the industry in assisting our clients unless we excel at helping our own people and teams reach their full potential.

Culture

Our corporate culture encourages personal and professional growth because LCE's success depends on the talent, innovation, professionalism, and commitment of its employees. LCE is a strengths-based organization focused on turning individual talents into strengths and then turning individual strengths into organizational performance that supports our clients' success.

Benefits

  • Affordable Medical/Dental/Vision Plans for employees and their families
  • Free Employee Life and Disability Insurance, with supplemental coverage options available
  • Health Savings Account and Flexible Savings Account options
  • Company matched 401(k) & company-funded Employee Stock Ownership Program (ESOP)
  • Paid Vacation, Holiday, Sick Leave
  • Continuing Education and Professional Development programs at all levels
  • Flexible Schedules and Relaxed Dress Code
  • Employer-sponsored events, social collaboration, and open communication
  • Free access to an extensive online training library, including certification prep
  • Bonus Program for outstanding contributions, Employee Referral Program, numerous Recognition Opportunities, and more...


*Benefits may vary by business unit and location. https://www.lce.com/why-work-at-lce/#benefits

Life Cycle Engineering (LCE) shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that LCE take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, because of or on the basis of pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation, and any other status protected by applicable state law. In addition, LCE will not discharge or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant. LCE shall also abide by the requirements of 29 CFR Part 471, Appendix A.