Washington, District of columbia
Vulnerability Management�� Job Opening in Washington, District of columbia - Engility delivers innovative solutions to critical challenges facing the nation and the world. As a premier provider of integrated services for the U.S. government, we support the Department of Defense, intelligence community, space communities, federal civilian agencies and international customers. Engility is dedicated to making lives better, safer and more secure.
Performs ongoing assessment of systems and networks within the Criminal Division and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Identifies and manages vulnerabilities for hardware, operating systems and third party software. Assists in the development and maintenance of a configuration management program. Manages security technical risk metrics for the organization by ensuring timely and effective reporting and development of risk management approaches.
Examines data from multiple disparate sources with the goal of providing new insight. Designs and implements custom algorithms, flow processes for data sets used for modeling, data mining, and research purposes.
Required Qualifications:
Ability to maintain or currently possess a Public Trust clearance.
Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
Prepare audit reports that identify technical and procedural findings, and provide recommended remediation
Provide a managed flow of relevant information (via web-based portals or other means) based on mission requirements.
Provide recommendations on new database technologies and architectures.
Analyze data sources to provide actionable recommendations.
Assess the validity of source data and subsequent findings.
Collect metrics and trending data.
Develop and facilitate data-gathering methods.
Develop strategic insights from large data sets.
Present technical information to technical and non-technical audiences.
Present data in creative formats.
Program custom algorithms.
Provide actionable recommendations to critical stakeholders based on data analysis and findings.
Read, interpret, write, modify, and execute simple scripts (e.g., PERL, VBS) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data).
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Ability to dissect a problem and examine the interrelationships between data that may appear unrelated.
Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
Desired Qualifications:
Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
Conduct and/or support authorized penetration testing on enterprise network assets.
Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
Manage the compilation, cataloging, caching, distribution, and retrieval of data.
Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
Conduct hypothesis testing using statistical processes.
Utilize technical documentation or resources to implement a new mathematical, data science, or computer science method.
Utilize different programming languages to write code, open files, read files, and write output to different files.
Develop and implement data mining and data warehousing programs.
Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
Ability to build complex data structures and high-level programming languages.
Ability to identify basic common coding flaws at a high level.
Ability to use data visualization tools (e.g., Flare, HighCharts, AmCharts, , Processing, Google Visualization API, Tableau, ).
Ability to apply programming language structures (e.g., source code review) and logic.
Job Type: Full-time
Salary: $100,000.00 to $125,000.00 /year
Required education:
Bachelor's
|
