- Washington, District of Columbia, United States
XOR Security is currently seeking a talented Vulnerability Assessment Analyst to support one of our premier clients within the Department of Homeland Security for the HQ Enterprise Security Operations Center (ESOC). The ESOC program provides comprehensive Computer Network Defense and Response support through 24x7x365 monitoring and analysis of potential threat activity targeting the DHS enterprise. To support this vital mission, XOR staff is on the forefront of providing T1-T3 CND Operations, and Digital Media Analysis supporting advanced threat analysis and development of countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security and resiliency of DHS ESOC's critical operations, we are seeking Vulnerability Assessment Analysts with diverse backgrounds in incident handling, focused operation, system forensics, penetration testing, malware analysis, and digital media forensics. Previous experience in providing Vulnerability Assessment support is highly desired.
The ideal candidate will have a solid understanding of cyber threats and forensic techniques to aid in the analysis of threats. This includes a detailed understanding of TTPs, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with reverse engineering, media and network forensics, chain of custody, containment, and countermeasures.
Strong written and verbal communications skills are a must.
- Demonstrated real world experience performing grey and black box penetration testing as well as cyber threat emulation services (opposing force)
- Hands-on Penetration testing skills with corresponding certifications: GPEN, ECSA, or OSCP
- Have an understanding of common Web Application vulnerabilities like the OWASP Top 10.
- Must be proficient in several of the following tools: PowerShell, Metasploit Framework/Pro, Cobalt Strike, Nessus, Burp, Canvas, and the Social-Engineer Toolkit.
- Must have solid working experience and knowledge of Windows and Unix/Linux operating systems; mobile platforms a plus
- Firm understanding of networks, systems and data center architecture
- Strong Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
- Strong familiarity with at least one of the following: DoD or NSA Vulnerability and Penetration Testing Standards.
- Experience performing Security Test and Evaluation services for Federal or Commercial clients.
- Secret Clearance
- Experience performing Red Team, Blue Team Operations
- Certifications (Offensive Security Certified Professional (OSCP), Web Application Penetration Tester (WAPT), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Cisco Certified Network Associate (CCNA))
- Malware analysis or digital computer forensics experience
- Cyber related Law Enforcement or Counterintelligence experience
- Existing Subject Matter Expert of Advanced Persistent Threat or Emerging Threats
- Expertise on policies, industry trends, techniques related to penetration testing
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED.