NASA IV&V Cyber Defense Analyst
Posted by Ashleigh Duque on March 13, 2018
RPI Group, Inc. is seeking a NASA IV&V Cyber Defense Analyst to join a team of qualified, diverse individuals. This position will be located in Fairmont, WV. We support NASA’s Independent Verification and Validation (IV&V) Program, primarily delivering analysis, validation and verification of safety-critical and mission-critical software for important NASA programs.
Job Duties/Responsibilities:
- Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within environments under assessment or review for the purposes of mitigating threats.
- Gaining an understanding of NASA requirements and the application of NASA security requirements within the current cyber landscape
- Vulnerability assessment support, including analysis of vulnerabilities from NASA, other agencies and the commercial sector
- Coordinating and managing high school interns engaged in support of SSO during the summer months
- Other Information Assurance and SSO functions as assigned. Examples include but are not limited to:
  - Execute and operate cybersecurity tools such as Metasploit
  - Support the generation of vulnerability assessment reports
  - Develop cybersecurity white papers for NASA
  - Support Software Assurance Research Projects
- Bachelor’s degree in a directly related field and 8+ years of experience. Four (4) years of relevant experience or domain-specific certifications may be substituted for each degree requirement.
- Ability to obtain and maintain a TS/SCI clearance
- Ability to ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level; characterize and analyze network traffic to identify anomalous activity and potential threats to network resources; reconstruct a malicious attack or activity based on network traffic; perform security reviews and identify security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy; examine network topologies to understand data flows through the network; and recommend computing environment vulnerability corrections.
- Able to take ownership of tasks and problems, provide solutions, and maintain excellent rapport with all internal and external customers
- Ability to travel up to 30%
- Experience with modeling networks (RedSeal)
- Active Top Secret Clearance
- Experience with PCAP analysis tools (e.g., RSA NetWitness, Wireshark, tcpdump, NetworkMiner)
- Ability to assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave; assess adequate access controls based on principles of least privilege and need-to-know; monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise; assess and monitor cybersecurity related to system implementation and testing practices; and work with stakeholders to resolve computer security incidents and vulnerability compliance.
- Demonstrate skills in developing and deploying signatures and in detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort); determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes; evaluate the adequacy of security designs; use incident handling methodologies; collect data from a variety of cyber defense resources; recognize and categorize types of vulnerabilities and associated attacks; read and interpret signatures (e.g., Snort); assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.); conduct vulnerability scans and recognize vulnerabilities in security systems (e.g., vulnerability and compliance scanning); conduct trend analysis; apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation); and use cyber defense Service Provider reporting structure and processes within one’s own organization.
- Ability to accurately and completely source all data used in intelligence, assessment and/or planning products, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) and apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Location: Fairmont, WV 26554, United States
- Salary: Not provided
- Clearance Required: Yes
- Spouse Friendly: No