Cyber Security Risk Analyst / CSET Lead

Patuxent River, MD, United States

Full Time Senior-level / Expert Clearance required USD 146K - 244K

Scientific Research Corporation

Salary Statement

Estimated Starting Salary Range: USD $146,800.00/Semi-Monthly - USD $244,650.00/Semi-Monthly. Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.

Description

  • Overseeing CSET Team operators and providing guidance and subject matter expertise to government personnel
  • Supporting offensive security/red team/adversarial emulation testing
  • Executing Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery
  • Developing comprehensive security testing strategies and programs across NCRC-U to provide assurance that security controls are designed and operating effectively
  • Developing innovative accelerators, tools, mechanisms, and processes to enhance the security team's velocity and scale to customer needs
  • Facilitating multiple stakeholders to agree on appropriate solutions and verifying that risks are mitigated appropriately. Demonstrating creativity, insight, intellectual flexibility, and sound business judgment throughout the process
  • Working independently but collaborating with cross-functional teams to provide security engineering consulting and control design recommendations to reduce risk
  • Conducting open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, and lateral movement; installing persistence in target network(s); and managing C2 infrastructure
  • Systematically analyzing each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering
  • Developing payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
  • Safely utilizing attacker tools, tactics, and procedures when in sensitive environments/devices
  • Evading EDR devices such as Windows Defender and Carbon Black to avoid detection by Defenders/behavioral based alerting in order to further the engagement objectives
  • Demonstrating expertise in one of the following: Active Directory, Software Development, Incident Response, or Cloud Infrastructure
  • Carefully documenting and logging all exploitation activities
  • Continually exercising situational awareness in order to quickly identify any instances of cohabitation
  • Documenting identified vulnerabilities and researching corrective/remediation actions in order to recommend a risk mitigation technique(s)
  • Demonstrating new vulnerabilities and assisting Network Defenders (Blue Team) with the refinement of detection capabilities
  • Maintaining knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents
  • Communicating effectively with team members and during an engagement
  • Ability to think unconventionally in order to develop adversarial TTPs
  • Keeping current with TTPs and the latest offensive security techniques

Requirements

  • Bachelor’s Degree in Information Systems or related field, a minimum of ten years of cyber security experience including five years of leadership roles or an equivalent combination of education and experience.
  • Desired certifications include one or more of the following: Certified in Risk and Information Systems Control (CRISC), Certified Information System Security Professional - Management (CISSP-ISSMP), Offensive Security Certified Professional (OSCP) and Certified Information Security Manager (CISM).
  • Recognized as an authority in the cyber security and risk management fields with a proven record of creative work, preferably to include published papers, patents, and disclosures.
  • There are only a handful of incumbents, as this job is regarded as the foremost expert on a technical cyber security topic.

Desired Skills

  • Master’s degree with a focus in computer science or cybersecurity
  • 10+ years of experience supporting the execution of Department of Defense (DoD) offensive cyber operations (OCO) or defensive cyber operations (DCO) as a civilian, contractor, or uniformed personnel
  • Experience with operational training programs and qualification standards
  • Red Team, Computer Operator or Exploitation Analyst experience with Threat Systems Management Office (TSMO), US Air Force, US Navy or National Security Agency (NSA) / Cyber Mission Force teams
  • Experience with OT, IoT, XIoT is a plus

Clearance Information

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL.

Travel Requirements

N/A

About Us

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.

 

SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Diversity & Inclusion

We strongly believe in the abundance of differences among individuals. We value different points of view and appreciate diverse perspectives. We truly believe this is what makes our organization inclusive and more responsive to the needs of our diverse customers.

EEO

Scientific Research Corporation is an equal opportunity and affirmative action employer that does not discriminate in employment. All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, or protected veteran status.

 

Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact jobs@scires.com for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Tags: Active Directory Blue team Carbon Black CISM CISSP Clearance Cloud Compliance Computer Science CRISC DCO DoD EDR Incident response IoT OCO Offensive security OSCP Red team Reverse engineering Risk management Security Clearance Top Secret TTPs Vulnerabilities Windows

Perks/benefits: 401(k) matching Career development Equity / stock options Flex vacation Health care Insurance Medical leave

Region: North America
Country: United States
