Description
US Citizenship and Clearance Required
Highlights:
- This position offers a remarkable opportunity to contribute to the FBI's CJIS mission. By joining our team, candidates will have the chance to learn from some of the industry's top professionals, gaining valuable skills and expertise that can be applied in many areas.
- The team consists of a diverse group of government personnel and contract staff from various companies, fostering a collaborative and dynamic work environment.
- This position stands out due to its dynamic team atmosphere and the chance to engage in high-visibility projects while gaining insights and knowledge from top professionals in the industry.
- Candidates will gain valuable IT security skills by learning from some of the industry's leading experts.
Tasks:
- Evaluate delivered software
- Conduct static analysis on source code developed in common programming and scripting languages, including, but not limited to, C, C++, Java, C#, Groovy, Python, Perl, Pup, JavaScript, Ruby, Bash, PowerShell, and Objective-C, and identify the presence of any vulnerabilities or potentially malicious logic.
- Conduct dynamic, manual, and automated binary reverse engineering analysis on developed applications to identify the presence of any vulnerabilities or potentially malicious logic.
- Provide technical guidance on typical indications of malicious logic and intent for both source code and compiled binary files.
- Perform manual and automatic assessments of code libraries and cross-reference them with industry best practices and the OWASP Top 10.
- Create frameworks, internal tooling, scripts, and application extensions to support efficient and effective software security analysis processes.
- Perform static and dynamic analysis of known malicious and unknown binary files, reverse engineering of compiled software, functional analysis of source code/scripts, and/or hardware/firmware analysis.
- Provide technical guidance on secure software development methodologies, techniques, and best practices.
- Provide technical guidance on secure web development techniques, interfaces, and web security best practices.
- Assist stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities of information systems and services.
- Provide presentations, briefings, and knowledge transfers as assigned.
- Develop applicable reports (e.g. risk, secure code assessment reports), as assigned.
- Prior experience with tools such as Tenable Security Center, Microsoft Defender for Endpoint, BigFix, OWASP ZAP, Burp Suite, Black Duck, Coverity, Software Risk Manager, Checkov, Trivy, ClamAV, Red Hat Advanced Cluster Security for Kubernetes, Jira, Confluence, Bitbucket, Bamboo, and SharePoint.
- Conduct security functional requirements such as:
  - Testing of system applications and components, and overall system architecture to verify and validate conformance with specified security policies and requirements.
- Conduct ongoing security functional requirements testing and security assessments of information system hardware, software, and applications, and overall system architecture to verify and validate security policies, requirements, plans, standards, processes, and procedures.
- Provide Subject Matter Expert (SME) input to support penetration testing, application manipulation, and social engineering assessments.
- Perform periodic mandated vulnerability assessment scans of information systems on an as-needed basis to meet mandated requirements, documenting any identified deviations, and notifying system and management personnel.
- Perform multiple IT Security support services associated with security functional testing, vulnerability assessments, code assessments, and penetration testing.
- Monitor trends found in software security assessments for frequent insecure practices and provide examples of alternative methods that can be used to produce similar functionality securely.
- Provide security functional, vulnerability, and penetration test schedules as assigned, encompassing CJIS information system security test and known, and/or mandated, security test efforts for scheduling purposes and allocation of resources through the normal change management process.
- Prepare security vulnerability and penetration testing methodologies as assigned, developing test plans. Review various web service implementations before being deployed to an Operational Environment (OE), including manual assessments and testing, web services description language (WSDL) reviews, and architecture and framework design reviews.
- Support the SAA process of information systems, to verify and validate conformance to Federal and FBI policies, regulations, FISMA compliance and standards, and meet specified security requirements.
- Support will parallel EISS certification testing methodologies and strategies.
- Perform duties and responsibilities associated with network and system mapping to produce overall architecture, information flows, entry and exit points, security features, and profiles of information systems.
- Assist with installation, configuration and maintenance of operating systems, tools and applications.
Required Qualifications:
- Education: Bachelor's Degree
- Experience: 6 years of relevant experience
- CEH or equivalent
- CompTIA Security+ or equivalent
Desired Qualifications:
- Master's Degree preferred
Position Type Shift Information:
US Citizenship: US citizenship required
Clearance: Current Top Secret required
Location: Clarksburg, WV
Ideal Innovations, Inc. is an Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or veteran status. Ideal Innovations, Inc. is a VEVRAA Federal Contractor.
Qualifications
Education
Bachelors (required)
Experience
6 years: Relevant experience (required)
Licenses & Certifications
Cert Ethical Hacker (required)
Security + (required)
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.