Responsibilities: Assisting enterprise efforts on risk assessment, detailed technical recommendations and coordination of vulnerability remediation and mitigation strategies; Developing and performing high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, evaluation of policy compliance and threat reporting, and vulnerability analysis of the organization’s overall enterprise security posture; Communicating recommendations to the responsible parties, and engaging in both tracking and verification of their remediation efforts. Building working relationships through consultation and support to effectively complete the computer network defense mission, while acknowledging and respecting stakeholder needs and requirements; Assisting in the analysis, selection, implementation, and/or development of enterprise security tools;
Documenting team processes for use in internal Standard Operating Procedures (SOPs), and other on-the-shelf documentation of processes for future team reference; Evaluating existing information security metrics for the purpose of analysis and greater enterprise security posture awareness; Preparing reports and conducting briefings for senior leadership related to both routine and high profile vulnerability analysis and mitigation.
Required Qualifications: Bachelor’s Degree or equivalent years of experience in a relevant field (e.g. Cybersecurity, Information Technology, or Computer Science); Minimum three (3) years of experience in information security, information technology, or related field; Proficiency in Splunk, Tanium, MS Azure Security Center, and other enterprise-level data analytics and enterprise detection & response tools; Experience with Windows Desktop, Windows Server and Linux operating systems and system administration – specifically with regard to patching and compliance; Experience with networking hardware (routers, switches, firewalls) and configurations – specifically with regard to patching and compliance; A solid understanding of core networking concepts such as DMZs, subnets, VLANs, private IP addressing and NAT; Proficiency in traditional Information Systems Security Officer (ISSO), Blue Team, or Red Team network security roles and activities; Experience performing manual and automated analysis of systems and networks, via enterprise scanning tools such as Nessus or Nexpose, to identify, assess, and mitigate vulnerabilities to strengthen organizational security posture; Experience performing risk assessments by correlating known vulnerabilities, understanding of the threat environment, and prioritization to mitigate risk to network assets, such as through the Risk Management Framework (RMF); Effective written and verbal communications skills to prepare and present security assessment results to stakeholders; Experience developing goals, processes and a methodology for effective cyber security assessments.
Active Secret (Minimum) security clearance.
Required Qualifications: CompTIA Security+ and/or Network+ certification; EC Council Certified Ethical Hacker (CEH) or CompTIA Advanced Security Practitioner (CASP) certifications; Familiarity with NIST Special Publication 800-53, CVE (Common Vulnerabilities and Exposures) standards, or related, such as DISA STIGs; Active Secret (Minimum) security clearance.
Desired Qualifications: Certified Information Security Systems Professional (CISSP). Extensive familiarity with NIST Special Publication 800-53, CVE (Common Vulnerabilities and Exposures) standards, or related, such as DISA STIGs. Experience with mobile device management solutions (such as Microsoft Intune or VMware AirWatch) and cloud application security. Experience with project management (e.g. Scaled Agile Framework and SCRUM as a project management frameworks) to ensure stakeholders remain on schedule. Excellent oral and written presentation skills. Experience in developing and leading remediation/ mitigation activities, and building strategies, status updates, and reporting on those activities. Active Top Secret security clearance.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.