- The Candidate should be capable to perform vulnerability scans using tools such as Tenable Nessus and Tenable Security Center. The Candidate should be able to review vulnerability findings to assess prevalence and severity. The Candidate should be able to use data analysis and other tools such as SQL, stream editors, spreadsheet pivot tables, LDAP queries, Unix/Linux CLI, nmap, tcpdump, Wireshark, shell scripting, and Puppet. The Candidate should be able to maintain and utilize Blue Team tools such as Bluescope, Multiverse, and Dark Ether. The Candidate should be able to troubleshoot using fundamental network knowledge such as Internet Protocol version 6 (IPv6), Open Systems Interconnect (OSI) model, and Transport Control Protocol/Internet Protocol (TCP/IP). The Candidate shall maintain awareness of DoD IA Vulnerability Management: deadlines, announcements, assess applicability, and plan responses. The Candidate shall research and document remediation strategies for vulnerabilities, build custom reports for data calls
- Minimum Requirements (from Personnel Qualifications):
1) Bachelor's Degree in (STEM), or an Information Technology (IT) related field AND two (2) years of relevant work experience, OR Associate's Degree in an Information Technology (IT) related field AND four (4) years of relevant work experience, OR High School Diploma or equivalent AND six (6) years of relevant work experience
2) One (1) of the following commercial certifications:
a. CompTIA Security + (SY0-301)
b. International Information Systems Security Certification Consortium (ISC2) Certified Authorization Professional (CAP)
c. CompTIA Advanced Security Practitioner (CASP)
d. Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM)
e. ISC2 Certified Information Systems Security Professional (CISSP)
f. Global Information Assurance Certification (GIAC) Security Leadership Certification (GSLC)
3) Two (2) of the following commercial certifications:
a. Microsoft Certified Technology Specialist (MCTS): Windows Server 2008 Active Directory, Configuring Server 2008 (70-640)
b. MCTS: Windows Server 2008 Network Infrastructure, Configuring Server 2008 (70-642)
c. Installing and Configuring Windows Server 2012 Server 2012 (70-410)
d. Administering Windows Server 2012 Server 2012 (70-411); OR
One (1) of the following commercial certifications:
a. Microsoft Certified IT Professional (MCITP): Enterprise Administrator on Windows Server 2008 MCITP (Enterprise Administrator)
b. MCITP: Server Administrator on Windows Server 2008 MCITP (Server Administrator)
c. Microsoft Certified Systems Administrator (MCSA)
d. Microsoft Certified Systems Engineer (MCSE 2012)
4) One (1) of the following commercial certifications:
a. Linux Professional Institute (LPI) Advanced Level Linux Professional Certification LPIC-2
b. Oracle Certified Professional Oracle Solaris Systems Administrator (OCP-OSSA)
c. Red Hat Certified Engineer (RHCE)
d. Red Hat Certified System Administrator (RHCSA)
e. Sun Certified Network Administrator (Oracle Solaris) (SCNA)
f. Sun Certified System Administrator (Oracle Solaris) (SCSA)
g. CompTIA Linux+
h. LPI Senior Level Linux Professional Certification (LPIC-3)
i. Oracle Certified Expert Oracle Solaris System Administrator (OCE-OSSA)
j. Red Hat Certified Datacenter Specialist (RHCDS)
5) Three (3) years of demonstrated experience in ALL of the following:
a. Vulnerability enumeration
b. Nessus vulnerability scanning tools
c. Vulnerability remediation
d. Secure system configuration per DISA STIG using STIGviewer, SCAP Compliance Checker, and Open SCAP
6) Demonstrated knowledge of the IAVM process and Networking technology and networking fundamentals
7) Demonstrated knowledge with Navy and NSA Blue Team toolsets (i.e., Bluescope, Darkether, and Multiverse)
8) Demonstrated knowledge of Security Compliance Automation Protocol (OpenSCAP) and SCAP Compliance Checker (SCC).
9) Demonstrated knowledge of DIACAP (for GENSER systems), National Institute of Standards & Technology (NIST) SP 800-53 (for Unclassified systems), Department of Defense Instruction (DoDI) 8510.01 DIACAP or RMF
Additional Requirements (any additional requirements, i.e, Sec+ Cert, OS Cert, etc):
The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.
GovSG is an Equal Opportunity Employer, including inorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. GovSG participates in E-Verify.
by via developer jobs - Stack Overflow
No comments:
Post a Comment