ANALYGENCE Inc
Security Architect - Database
ANALYGENCE Inc, San Antonio, Texas, United States, 78208
Description
The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems.
In support of this mission, ANALYGENCE has an immediate opportunity for a
Security Architect - Database . In this role you will be responsible for performing security audits, risk assessments and analyses with adherence to DISA STIGs, NIST, and industry best practices; duties to include vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately "tell the story" of how the vulnerability was exploited and what the overall impact would be to particular hosts or networks.
Duties:Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and databases (i.e., MS SQL Server, Oracle, PostgreSQL, MySQL (Maria DB), Mongo DB, Sybase, IBM DB2, SQLite, FireBird, and Informix)Demonstrated ability to methodically analyze problems and identify potential solutions.Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.Analyze and evaluate database schemas and current or proposed configurations to discern weaknesses for exploitation and supply recommendations for enhancing database internal and external security; document and transition results in reports, presentations, and technical exchanges.Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.Craft recommendations for customer to prevent/mitigate attempted breaches of database security and database security weaknessesRender guidance on formulating security policies, procedures, along with tactics, techniques and procedures to enhance data and database protections.Possess good writing and communications skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.Position requires travel up to 25%.Requirements
Current Top Secret clearance with SCI eligibilityBachelor's degree in a related field (focused on engineer or applied science) and a minimum of 3 years of experience in a related role; associate degree with 4 years' experience or 6 years equivalent experience without a degree.IAT Level III certification required (CASP, CISSP+, etc.).Must be able to support travel up to 25% (1-3 weeks in duration).Must possess a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months.Must obtain a Microsoft and UNIX/Linux certification within 6 months.Must possess a database certification (e.g., MS SQL Server, OCP, CMDBA, MSDBA, etc.) within 6 months upon arrival on-site.Database administrator experience (MS SQL Server, Oracle, PostgreSQL, etc.).Hands on experience with and knowledge of SQL.Experience in working with and in a web and network systems security environment with a focus on database administration and security.Must successfully complete skills assessment lab prior to arriving at customer site and remain mission qualified.Self-motivated with minimal supervision.Preferred Requirements:
System administrator experience (Windows, UNIX)Analytical with the ability to understand and implement customer objectivesFamiliarity with NIST, RMF, DISA STIGs and experience in conducting DoD vulnerability and compliance assessmentsExperience or familiarity with military operations highly desirable
The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems.
In support of this mission, ANALYGENCE has an immediate opportunity for a
Security Architect - Database . In this role you will be responsible for performing security audits, risk assessments and analyses with adherence to DISA STIGs, NIST, and industry best practices; duties to include vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately "tell the story" of how the vulnerability was exploited and what the overall impact would be to particular hosts or networks.
Duties:Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and databases (i.e., MS SQL Server, Oracle, PostgreSQL, MySQL (Maria DB), Mongo DB, Sybase, IBM DB2, SQLite, FireBird, and Informix)Demonstrated ability to methodically analyze problems and identify potential solutions.Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.Analyze and evaluate database schemas and current or proposed configurations to discern weaknesses for exploitation and supply recommendations for enhancing database internal and external security; document and transition results in reports, presentations, and technical exchanges.Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.Craft recommendations for customer to prevent/mitigate attempted breaches of database security and database security weaknessesRender guidance on formulating security policies, procedures, along with tactics, techniques and procedures to enhance data and database protections.Possess good writing and communications skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.Position requires travel up to 25%.Requirements
Current Top Secret clearance with SCI eligibilityBachelor's degree in a related field (focused on engineer or applied science) and a minimum of 3 years of experience in a related role; associate degree with 4 years' experience or 6 years equivalent experience without a degree.IAT Level III certification required (CASP, CISSP+, etc.).Must be able to support travel up to 25% (1-3 weeks in duration).Must possess a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months.Must obtain a Microsoft and UNIX/Linux certification within 6 months.Must possess a database certification (e.g., MS SQL Server, OCP, CMDBA, MSDBA, etc.) within 6 months upon arrival on-site.Database administrator experience (MS SQL Server, Oracle, PostgreSQL, etc.).Hands on experience with and knowledge of SQL.Experience in working with and in a web and network systems security environment with a focus on database administration and security.Must successfully complete skills assessment lab prior to arriving at customer site and remain mission qualified.Self-motivated with minimal supervision.Preferred Requirements:
System administrator experience (Windows, UNIX)Analytical with the ability to understand and implement customer objectivesFamiliarity with NIST, RMF, DISA STIGs and experience in conducting DoD vulnerability and compliance assessmentsExperience or familiarity with military operations highly desirable