SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.
The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas. Responsibilities include simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical, hands-on role that will draw on development/programming, live testing, system administration, reverse engineering, vulnerability assessments, system/network hardening, penetration testing and, ultimately, creativity. It is an opportunity for a team player to enhance a world-class team and learn/teach new skills.
- Experience conducting advanced host/network/application penetration testing as a member of a technical team on live/operational systems
- Perform reverse engineering and static/dynamic testing of desktop/web applications to find security flaws like zero-day vulnerabilities
- Review custom applications source code for security flaws and vulnerabilities
- Perform full-scope penetration test activities like zero-day discovery, exploit development and exploitation of vulnerabilities on operational network infrastructure devices, services, various operating systems and desktop/web applications
- Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
- Capable of doing the necessary research and development to produce TTPs and products (e.g. exploits, applications, etc.) to achieve systems exploitation
- Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
- Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools
- Informed about current information security threats, trends and vulnerabilities
- Research and formulate recommendations for vulnerabilities
- Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
- Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
- Develop proof-of-concept examples and scenarios for reports and live demonstrations
- Create/document tactics, techniques and procedures (TTPs) to train and expand/share knowledge with customers and other team members
- Bachelor's and nine (9) years or more of cyber experience; Master's and seven (7) years or more of cyber experience; PhD or JD and four (4) years or more of cyber experience. In lieu of a degree, 13 years of IT experience with 9 years or more of cyber-related experience.
- 3+ years conducting advanced host/network/application penetration testing as a member of a technical team on live/operational systems (knowledge must be beyond Metasploit Frameworks and vulnerability scanning tools).
- Ability to find/identify zero-day vulnerabilities through reverse engineering, source code review and dynamic/static testing.
- Previous coding and development of exploits/proof of concepts (PoCs) as well
- Current DoD SECRET clearance with the ability to be cleared up to TS/SCI
- ICS/SCADA, Cloud Computing are a plus
- Penetration test certifications like GXPN or OSCP are a plus