Vulnerability Assessment and Management SME with Security Clearance - San Antonio, TX, United States - Markesman Group

    Markesman Group
    Markesman Group San Antonio, TX, United States

    4 weeks ago

    Default job background
    Technology / Internet
    Description
    Title Vulnerability Assessment and Management SME Location San Antonio Description Markesman Group is looking for a Vulnerability Assessment and Management SME to join our team in San Antonio, Texas
    Vulnerability Assessment and Management SME performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy
    They measure the effectiveness of defense-in-depth architecture against known vulnerabilities

    Responsibilities:

    • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
    • Ability to apply programming language structures (e.g., source code review) and logic.
    • Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
    • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
    • Knowledge of computer networking concepts and protocols, and network security methodologies.
    • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
    • Knowledge of cybersecurity and privacy principles.
    • Knowledge of cyber threats and vulnerabilities.
    • Knowledge of specific operational impacts of cybersecurity lapses.
    • Knowledge of application vulnerabilities.
    • Knowledge of cryptography and cryptographic key management concepts
    • Knowledge of data backup and recovery.
    • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
    • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
    • Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
    • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
    • Knowledge of programming language structures and logic.
    • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
    • Knowledge of systems diagnostic tools and fault identification techniques.
    • Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
    • Knowledge of interpreted and compiled computer languages.
    • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
    • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
    • Knowledge of system administration, network, and operating system hardening techniques.
    • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
    • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
    • Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
    • Knowledge of ethical hacking principles and techniques

    Qualifications:

    • Must possess a Secret clearance
    About the Organization About Markesman Group Markesman Group has gathered the nation's foremost experts in Cyber, ISR, Enterprise IT and Intelligence Analysis
    We seek to lead with cutting edge technology, high quality development and best value services for both the government and commercial sectors
    Our team combines passion, acumen, focus, patriotism, desire, dedication and the love for the job to create value for our customers
    We pride ourselves in a rigorous selection process because not only do we want the best, we want the best to want us
    Working closely together as part of a service-disabled veteran owned small business, we enjoy a family environment where teammates challenge and elevate each other every day
    The Markesman family is always striving to solve tomorrow's problems, today
    EOE Statement We are an Equal Opportunity/Affirmative Action Employer
    We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law
    This position is currently accepting applications.