Axiom Consultants
Cyber Tool Developer
Axiom Consultants, Norfolk, Virginia, United States, 23500
Position Objective:
This position requires a
TOP SECRET/SCI level security clearance . The Cyber Tool Developer position has been designated as a Cyber IT/Cybersecurity Workforce position in Specialty Area 62 and as a condition of employment incumbents of the position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M-5239.2. This position shall provide technical and analytical support, assistance, program management, and training for unique tactics, techniques, and procedures (TTP) and information technology required to support the NBT mission. Job Description:
Analyze the results from automated assessment tools to validate findings, determine their business impact, and eliminate false positives. Use commercial and open source network cyber assessment tools (e.g. Core Impact, Nmap, Metasploit, and Nessus). Manually discover key application flaws. Research various cyber actors' TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into Cyber Blue Teaming or penetration test operations. Develop and utilize testing methodology for threat emulation and vulnerability validation. Provide support to working groups, planning groups, operational planning teams, conferences, table top exercises, war games and operational experiments. Contribute findings to Blue Team reporting. Understand Navy networks for compliance with applicable DOD and Navy instructions and directives. Liaise with various DOD components concerning web vulnerability scanning and compliance guidelines and issues. Be a forward thinker. Qualifications:
Must possess a minimum of five (5) years of experience
in providing highly technical subject matter expertise and expert guidance to government personnel in the execution of operations and demonstrated experience in at least five of the following areas:
Hands-on experience performing Penetration Tests and Vulnerability Analysis for applications, network infrastructure and operating system infrastructures. Create or develop scripts that generate findings or reports by ingesting data from data sets taken during assessments and utilizing proven/formal processes, industry standards, and tools to include but not limited to: Perl, Shell, or other scripting/coding languages. Recommend solutions by defining database's physical structure and functional capabilities, database security, back-up and recovery specifications Conduct system or database performance monitoring and tuning Conduct training programs for staff on current and newly developed cyber tools. Work closely with an internal cross-functional team to create and/or customize themes, plugins, and extensions to support vulnerability discovery and reporting. Designs and implements new Stored Procedures and optimizes existing processing and publishing codes to improve performance and system stability Identifying mission area-related concepts and technologies for examining technology, including protocols, languages, clients, and server architectures, from the attacker's perspective. Developing and supporting development of Navy mission areas-related operational concepts, tactics, and experimental concepts and technologies. Provide subject matter expertise and guidance utilizing tools and techniques to conduct cyber vulnerability assessments of public facing IP addresses. Familiarity with National Institute of Standards and Technology (NIST) Special Publications. Working knowledge of the following defensive security techniques and technologies:
Possess a number of technical certifications, or similar, from the following list:
Bachelor's or Master's in Cyber, Computer Science or related Engineering discipline Offensive Security Certified Professional (OSCP) CompTIA Advanced Security Practitioner (CASP+) Linux + GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) certification GCFE - Windows Forensic Analysis GCFA - Advanced Digital Forensics, Incident Response, and Threat Hunting GNFA - Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
Have a working level ability with one of the below programing languages
Python Javascript SQL
Familiarity with Navy Information System Architecture.
Work Hours:
Required shift coverage: DAY SHIFT (07:30 AM/0730 - 4:00 PM/1600) working position (Monday - Friday). Remote work as authorized. If ever calling or talking to a candidate and they ask about remote work, they need to understand that they are expected to be on-site 5 days a week, but there may be rare and occasional times that it's approved by the proper authorized personnel.
Axiom offers competitive compensation packages including comprehensive medical/dental/life insurance and matching 401(k) contribution.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
TOP SECRET/SCI level security clearance . The Cyber Tool Developer position has been designated as a Cyber IT/Cybersecurity Workforce position in Specialty Area 62 and as a condition of employment incumbents of the position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M-5239.2. This position shall provide technical and analytical support, assistance, program management, and training for unique tactics, techniques, and procedures (TTP) and information technology required to support the NBT mission. Job Description:
Analyze the results from automated assessment tools to validate findings, determine their business impact, and eliminate false positives. Use commercial and open source network cyber assessment tools (e.g. Core Impact, Nmap, Metasploit, and Nessus). Manually discover key application flaws. Research various cyber actors' TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into Cyber Blue Teaming or penetration test operations. Develop and utilize testing methodology for threat emulation and vulnerability validation. Provide support to working groups, planning groups, operational planning teams, conferences, table top exercises, war games and operational experiments. Contribute findings to Blue Team reporting. Understand Navy networks for compliance with applicable DOD and Navy instructions and directives. Liaise with various DOD components concerning web vulnerability scanning and compliance guidelines and issues. Be a forward thinker. Qualifications:
Must possess a minimum of five (5) years of experience
in providing highly technical subject matter expertise and expert guidance to government personnel in the execution of operations and demonstrated experience in at least five of the following areas:
Hands-on experience performing Penetration Tests and Vulnerability Analysis for applications, network infrastructure and operating system infrastructures. Create or develop scripts that generate findings or reports by ingesting data from data sets taken during assessments and utilizing proven/formal processes, industry standards, and tools to include but not limited to: Perl, Shell, or other scripting/coding languages. Recommend solutions by defining database's physical structure and functional capabilities, database security, back-up and recovery specifications Conduct system or database performance monitoring and tuning Conduct training programs for staff on current and newly developed cyber tools. Work closely with an internal cross-functional team to create and/or customize themes, plugins, and extensions to support vulnerability discovery and reporting. Designs and implements new Stored Procedures and optimizes existing processing and publishing codes to improve performance and system stability Identifying mission area-related concepts and technologies for examining technology, including protocols, languages, clients, and server architectures, from the attacker's perspective. Developing and supporting development of Navy mission areas-related operational concepts, tactics, and experimental concepts and technologies. Provide subject matter expertise and guidance utilizing tools and techniques to conduct cyber vulnerability assessments of public facing IP addresses. Familiarity with National Institute of Standards and Technology (NIST) Special Publications. Working knowledge of the following defensive security techniques and technologies:
Possess a number of technical certifications, or similar, from the following list:
Bachelor's or Master's in Cyber, Computer Science or related Engineering discipline Offensive Security Certified Professional (OSCP) CompTIA Advanced Security Practitioner (CASP+) Linux + GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) certification GCFE - Windows Forensic Analysis GCFA - Advanced Digital Forensics, Incident Response, and Threat Hunting GNFA - Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
Have a working level ability with one of the below programing languages
Python Javascript SQL
Familiarity with Navy Information System Architecture.
Work Hours:
Required shift coverage: DAY SHIFT (07:30 AM/0730 - 4:00 PM/1600) working position (Monday - Friday). Remote work as authorized. If ever calling or talking to a candidate and they ask about remote work, they need to understand that they are expected to be on-site 5 days a week, but there may be rare and occasional times that it's approved by the proper authorized personnel.
Axiom offers competitive compensation packages including comprehensive medical/dental/life insurance and matching 401(k) contribution.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)