Nasa Iv&V Vulnerability Researcher & Exploit Developer

Nasa Iv&V Vulnerability Researcher & Exploit Developer
Company:

Saic


Place:

West Virginia


Area:

Programmer

Nasa Iv&V Vulnerability Researcher & Exploit Developer

Details of the offer

Description

SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.
The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas. Responsibilities includes simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize development/programming, live testing, system administration, reverse engineering, vulnerability assessments, system/network hardening, penetration testing and ultimately creativity skills. It is an opportunity for a team player to enhance a world-class team and learn/teach new skills.
Daily Responsibilities:
Experience conducting advance host/network/application penetration testing as a member of a technical team on live/operational systems
Perform reverse engineering and static/dynamic test of desktop/web applications to find security flaws like zero-day vulnerabilities
Review custom applications source code for security flaws and vulnerabilities
Perform full-scope penetration test activities like zero-day discovery, exploit development and exploitation of vulnerabilities on operational network infrastructure devices, services, various operating systems and desktop/web applications
Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
Capable of doing the necessary research and development to produce TTPs and products (e.g. exploits, applications, etc.) to achieve systems exploitation
Be able to review, modify and develop software programs or scripts in Assembly, C++, C#, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages for systems/applications exploitation, data analysis, systems configuration and task automation
Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools
Informed in current information security threats, trends and vulnerabilities
Research and formulate recommendations for vulnerabilities
Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
Develop proof-of-concept examples and scenarios for reports and live demonstrations
Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and other team members
Qualifications

Qualifications
Bachelors and nine (9) years or more of cyber experience; Masters and seven (7) years or more cyber experience ; PhD or JD and four (4) years or more cyber experience. In lieu of a degree, 13 years of IT experience with 9 years or more of cyber related experience.
3+ years conducting advanced host/network/application penetration testing as a member of a technical team on live/operational systems (knowledge must be beyond Metasploit Frameworks and vulnerability scanning tools).
Ability to find/identify zero-day vulnerabilities through reverse engineering, source code review and dynamic/static testing.
Previous coding and development of exploits/proof of concepts (PoCs) as well
Current DoD SECRET clearance with the ability to be cleared up to TS/SCI
My SAIC Benefits.

Requirements


Knowledges:

  • PHP
  • Access

Cb services engineer iii

Primary Location:6305 Peachtree Dunwoody Rd, Atlanta, GA, USA Division:Cox Communications Inc Job Level:Individual Contributor Travel:Yes, 5 % of the Time...


From Cox Communications Inc - Georgia

Published a month ago

Unix administrator

Secure our Nation, Ignite your Future Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come...


From Mantech International Corporation - Maryland

Published a month ago

Police services officer

This is a non-sworn position that processes, guards, secures and confines all persons who have been detained, arrested or put under protective custody into the...


From City Of Chula Vista, Ca - California

Published a month ago

Sr business intelligence developer

Description Job Description: Leidos is seeking aSr. Business Intelligence (BI) Developerfor our SSA ITSSC program in Baltimore, MD. As our Sr. BI Tools...


From Leidos - Maryland

Published a month ago