Unclassified - Reston, VA

posted 4 months ago

Full-time - Mid Level
Reston, VA

About the position

JCIP Expert Technical Reviewer - Windows/Web/Database

Location: Reston, VA; Washington, DC; Northern Virginia National Capital Region
Clearance: TS/SCI w/CI Poly

Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Our vision of cybersecurity as a holistic, ongoing journey enables us to offer solutions that effectively mitigate risks and address vulnerabilities within any enterprise. As the cyber landscape continuously evolves, so do we, ensuring our services not only meet but exceed the ever-changing needs of our mission-critical clients. From compliance assessments and vulnerability analysis to comprehensive information system security management, Apavo's suite of services is designed to protect and serve the most sensitive and significant sectors of our society.

Joining the Apavo team means becoming part of a company rooted in the principles of integrity, quality, and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, Apavo is the place for you.

Apavo is seeking a Cybersecurity Technical Reviewer with Windows, web, and database expertise. This position will play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). This role is responsible for conducting thorough inspections of Windows systems, including OS, Database Server, Web, Domain Controllers, Exchange, and Workstations.
The successful candidate will analyze and assess system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, PL/SQL injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code. Additionally, the role involves performing reviews related to Windows 10 End of Support Schedules, Operating System Information, Hardware Information, Windows Secure Host Baseline, TPM, BitLocker drive encryption, patches, software installations, PowerShell commands, WMI, DSQuery, LDAP, user rights, group membership, password management, system security settings, Group Policy, Local Security Policy, file and share permissions, registry settings, logging, retention settings, collection options, and centralized log aggregation. The Cybersecurity Technical Reviewer will engage with leadership and site technical staff to facilitate scoping, data support, and execution of operational inspection plans. Conducting interviews with organizational subject matter experts for STIG, SRG, and IC policy checklists is also a key responsibility. The role requires collecting and reviewing data to support comprehensive Threat Informed Critical Controls List (TICCL) and providing input on security controls, potential vulnerabilities, and MITRE ATT&CK© techniques. The successful candidate will plan, execute, and report on security audits and network vulnerability assessments, assist in the preparation of assessment deliverables, including Security Risk Assessments, compliance data, and STIG data, and communicate the impact of vulnerabilities through presentations and written reports. Finally, the role involves planning, executing, and reporting on information technology, privacy, and operational reviews to identify risks.

Responsibilities

  • Conduct thorough inspections of Windows systems, including OS, Database Server, Web, Domain Controllers, Exchange, and Workstations.
  • Analyze and assess system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, PL/SQL injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code.
  • Perform reviews related to Windows 10 End of Support Schedules, Operating System Information, Hardware Information, Windows Secure Host Baseline, TPM, BitLocker drive encryption, patches, software installations, PowerShell commands, WMI, DSQuery, LDAP, user rights, group membership, password management, system security settings, Group Policy, Local Security Policy, file and share permissions, registry settings, logging, retention settings, collection options, and centralized log aggregation.
  • Engage with leadership and site technical staff to facilitate scoping, data support, and execution of operational inspection plans.
  • Conduct interviews with organizational subject matter experts for STIG, SRG, and IC policy checklists.
  • Collect and review data to support comprehensive Threat Informed Critical Controls List (TICCL) and provide input on security controls, potential vulnerabilities, and MITRE ATT&CK© techniques.
  • Plan, execute, and report on security audits and network vulnerability assessments.
  • Assist in the preparation of assessment deliverables, including Security Risk Assessments, compliance data, and STIG data.
  • Communicate the impact of vulnerabilities through presentations and written reports.
  • Plan, execute, and report on information technology, privacy, and operational reviews to identify risks.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, Information Systems, or a related technical discipline.
  • 12 years of experience or an equivalent combination of education, professional training, or work experience.
  • DoD 8570.01-M Cybersecurity workforce certification, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III certification.
  • Strong independent work ethic and exceptional communication skills.
  • Ability to work unsupervised.

Nice-to-haves

  • Minimum 8 years as a system administrator for Windows systems.
  • Experience in a DoD or Intelligence Community environment.
  • Ability to develop vulnerability-based vignettes for cyber tabletop exercises.
  • Demonstrated ability to collaborate across departments to implement cybersecurity principles effectively.
  • Skilled in identifying network anomalies and applying cybersecurity and privacy principles.
  • Excellent multitasking, time management, and comprehensive understanding of cyber threats and vulnerabilities.