Cyber Systems Operation Research Analyst (CORA) Reviewer

Responsibilities

Peraton seeks a Cyber Operations Research Analyst (CORA) Reviewer to conduct DODIN cybersecurity reviews conducted on site at Continental United States (CONUS), Outside Continental United States (OCONUS), and DOD mission partner locations.  Travel is expected.

Location: Chambersburg, PA.

 

 

Tasks include:

• Support inspections,evaluations, audits, assessments, DCO-IDM missions, and/or self-assessments of the DODIN -- follow the DODIN Inspections and Assessments Schedule.
• Support on-the-job training and certify new Reviewers via the reviewer certification process. 
• Perform assessments of systems and networks within a Network Environment (NE) / enclave and identifiy deviations from acceptable configurations, enclave policy, or local policy. 
• Follow policies and procedures for specific review type, ensuring thattechnical expertise is properly represented.  
• Conduct vulnerability reviews, review Security Requirements Guides (SRGs), STIGs, DOD Policy, Cyber Tasking Orders (CTO) and Operational Orders to determine the security posture and compliance of the site/NE/enclave
• Assist in developing the Executive Summary/Briefings/Reports foreach trip/assessmet.
• Conduct internal and/or external vulnerability scans  
• Assemble scanning “packages” prior to conducting scans
• Perform technical Security Readiness Reviews (SRRs)
• Use  the appropriate technology STIG/SRG and, where applicable, the appropriate automated script or tool for that technology.
• Provide assessments of the security posture of the organization (traditional):  Personnel security, INFOSEC, Physical security, Industrial security, Counterintelligence, and overall security management. 
• Develop and maintain cybersecurity vulnerability review, inspection, and audit Standard Operation Procedures (SOPs), Tactics, Techniques and Procedures (TTPs), checklists, and guides
• Identify the root cause and gap analysis
• Provide resolution support during the Cybersecurity review
• Provide recommendations for fixes and mitigation strategies and validate post inspection vulnerability mitigation actions as requested.
• Identify where systems/networks deviate from acceptable configurations, enclave policy, or local policy.

Qualifications

Required:

• Minimum of 12 years experience with BS/BA, 10 years with MS/MA, 7 years with Ph.D. Will consider HS with 16 years of experience. 
• Senior Reviewers must have at least 2 years of direct experience 
• This position aligns to the KSA's idenified to the Vulnerability Assessment Analyst under the DOD Cyber Workforce Framework (DCWF):
  • Must have experience in collecting, analyzing, and assessing data in order to provide formal feedback.  Specifically, able to analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives (i.e., analysis of mitigations).
  • Should have experience with maintaining a deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.

  • Skilled in reviewing logs to identify evidence of past intrusions.

  • Able to identify systemic security issues based on the analysis of vulnerability and configuration data

  • Able to identify/assess proper acrchitecture for different operating environments

  • Understanding of cybersecurity strategy in cloud computing service and deployment models 

• Must have knowledge of applicable DOD cyber defense policies, regulations, and compliance documents  
• Needs to have an understanding of different types of reviews/assessments 
• As a CORA Reviewer, must cross-certify in multiple related technology areas to allow flexibility for assessment needs from various organizations (e.g., network reviewer may also support network vulnerability scan, virtual infrastructure, cloud, and other related areas)
• Travel is expected to worldwide locations.  Travel will be conducted in accordance with the Task Order guidelines.
• Current IAT Level II certification or the ability to obtain within 60 days of hire
• Current IAM Level II certification or the ability to obtain within 60 days of hire
• TS/SCI security clearance or the abllity to obtain SCI
• U.S Citizenship required

Preferred:

• Active TS/SCI clearance
• Current IAT Level III CSSP-Auditor certification
• Current IAM Level III certification

Benefits:

 

Peraton offers enhanced benefits to employees working on this critical National Security program, which include heavily subsidized employee benefits coverage for you and your dependents, 25 days of PTO accrued annually up to a generous PTO cap and participation in an attractive bonus plan.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$146,000 - $234,000. This represents the typical salary range for this position based on experience and other factors.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.