AT&T Cyber Security/Incident Response/Web Risk Analyst (Government) in Norfolk, Virginia
Seeking experienced Cybersecurity and Incident Response Operations Analyst to provide technical support, assistance, and training for unique tactics, techniques, and procedures (TTP) and information technology required to support Web Risk Assessment (WRA), part of the Navy’s Cyber Red Teaming mission. This position will involve participation in annual, crisis, and other Web Risk Assessments and annual cyber analysis studies and may include additional requirements such as incident response threat validation and reporting, incident and threat coordination and communication, participation in the development of cyber analysis growth and improvement opportunities and advisory boards, extensive writing and briefing opportunities, certification and accreditation activities
Candidate must have a minimum of five (5) years of experience in providing highly technical subject matter expertise (SME) and expert guidance to government personnel in the execution of WRA operations or penetration testing and demonstrated experience in at least five of the following areas:
Research various cyber actors’ TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into penetration tests or web risk assessment operations
Demonstrated expertise with website scanning and exploitation tools such as HP WebInspect, Accunetix, Burp Suite, Core Impact, etc.
Exploitation of vulnerabilities associated with most common operating web hosting platforms (IIS, Apache, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.)
Demonstrated experience performing manual vulnerability testing of web application to include the OWASP Top 10
Understanding of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX
Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
Development, modification, and utilization of network enumeration engines and Open Source Research (OSR) engines (i.e. Recon-ng, nmap, nessus)
Plan and execute technical cyber assessments or penetration tests
Development and utilization of testing methodology for cloud-based and networked systems
Modification, testing and utilization of computer network attack and exploitation tools
Operational Risk Management (ORM) concepts and application
This task requires compliance with DOD Directive 8570 on IA Workforce training and certification (IAT Level II).
Required Clearance: TS/SCI (MANDATORY Current Active or will not qualify
Desired: The following qualifications are desired, but not required:
Design, build, and implement software, Cyber assessment tools, information assurance products, or computer security applications.
Write software/scripts in any of the following computer programming languages (C/C++, Ruby on Rails, Python, and Perl)
Computer network or system design and implementation
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V