Bowhead - Dahlgren, VA

posted 4 months ago

Full-time - Mid Level
Dahlgren, VA
Transportation Equipment Manufacturing

About the position

Bowhead is seeking a skilled full-time Cybersecurity Analyst to join our team in Dahlgren, VA. The ideal candidate will be responsible for ensuring GWS fleet and land-based configurations are assessed and authorized with respect to Department of Defense (DoD) Cybersecurity policies. This role involves conducting vulnerability scans, recognizing vulnerabilities in security systems, and using DoD network analysis tools such as ACAS and HBSS to identify vulnerabilities. The Cybersecurity Analyst will also conduct application vulnerability assessments and identify systemic security issues based on the analysis of vulnerability and configuration data.

In addition to these responsibilities, the analyst will share meaningful insights about the context of the organization's threat environment to improve its risk management posture. The role requires applying cybersecurity and privacy principles to organizational requirements, which include confidentiality, integrity, availability, authentication, and non-repudiation. Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution is also a key part of the job, along with performing impact and risk assessments.

The successful candidate will have a strong background in cybersecurity, with a focus on system, network, and OS hardening techniques. They will be expected to conduct vulnerability assessments and apply host/network access controls, as well as protect the network against malware. Other duties may be assigned as necessary, and the candidate must be prepared to adapt to the evolving cybersecurity landscape.

Responsibilities

  • Conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Using DoD network analysis tools (e.g., ACAS, HBSS) to identify vulnerabilities.
  • Conducting application vulnerability assessments.
  • Identifying systemic security issues based on the analysis of vulnerability and configuration data.
  • Sharing meaningful insights about the context of the organization's threat environment that improve its risk management posture.
  • Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution.
  • Performing impact/risk assessments.

Requirements

  • DoDM 8140.03 certified (any IAT level 2 certification will meet the requirement).
  • Seven (7) years of professional experience as a Cybersecurity Specialist with a specialization in cross domain solution implementation.
  • 5+ years of experience with computer networking concepts and protocols, and network security methodologies.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust).
  • Experience working with Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • Experience working with network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • Knowledge of application vulnerabilities.
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.

Nice-to-haves

  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network traffic analysis methods.
  • Knowledge of Virtual Private Network (VPN) security.
  • Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • Knowledge of application security risks.