Ukpeagvik Inupiat Corporation - Dahlgren, VA

posted 4 months ago

Full-time
Dahlgren, VA
Construction of Buildings

About the position

Bowhead is seeking a skilled full-time Cybersecurity Analyst to join our team in Dahlgren, VA. The ideal candidate will be responsible for ensuring GWS fleet and land-based configurations are assessed and authorized with respect to Department of Defense (DoD) Cybersecurity policies. This role involves conducting vulnerability scans and recognizing vulnerabilities in security systems, utilizing DoD network analysis tools such as ACAS and HBSS to identify vulnerabilities, and performing application vulnerability assessments. The Cybersecurity Analyst will also be tasked with identifying systemic security issues based on the analysis of vulnerability and configuration data, sharing meaningful insights about the context of an organization's threat environment to improve its risk management posture, and applying cybersecurity and privacy principles to organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation. In addition, the analyst will troubleshoot and diagnose cyber defense infrastructure anomalies, work through their resolution, and perform impact/risk assessments. The position requires a strong understanding of computer networking concepts and protocols, network security methodologies, and the ability to apply system, network, and OS hardening techniques. The successful candidate will also need to demonstrate skills in securing network communications, protecting against malware, and using Virtual Private Network (VPN) devices and encryption. Other duties may be assigned as necessary to support the organization's cybersecurity objectives.

Responsibilities

  • Conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.).
  • Conducting application vulnerability assessments.
  • Identifying systemic security issues based on the analysis of vulnerability and configuration data.
  • Sharing meaningful insights about the context of an organization's threat environment that improve its risk management posture.
  • Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution.
  • Performing impact/risk assessments.

Requirements

  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.).
  • Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
  • Skill in conducting application vulnerability assessments.
  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust).
  • Knowledge of basic system, network, and OS hardening techniques.
  • Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

Nice-to-haves

  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network traffic analysis methods.
  • Knowledge of Virtual Private Network (VPN) security.
  • Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • Knowledge of application security risks.