Cyber System Security Assessor – Database
The candidate will be responsible for conducting database vulnerability and compliance inspections to include, but not limited to scanning the network to identify active devices, fingerprint applications, operating systems and databases, identifying vulnerabilities, analyzing the results, manually verifying findings to eliminate false positives or negatives, capturing artifacts such as screen captures, etc., to provide evidence for each exploitable vulnerability, etc. Candidate must also be able to adequately “tell the story” of how the vulnerability was exploited and what the overall impact would be to particular hosts or networks.
More specifically, the candidate will:
- Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and databases (i.e., MySQL, MSSQL, Oracle, Sybase, etc.).
- Demonstrated ability to methodically analyze problems and identify potential solutions.
- Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit.
- Analyze and evaluate database schemas and current or proposed configurations to discern weaknesses for exploitation; document and transition results in reports, presentations and technical exchanges.
- Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events.
- Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments.
- Possess good writing and communications skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations.
- Travel up to 25% with trips encompassing 1-4 weeks in duration.
- Must have an active TS/SCI clearance.
- Must possess or be willing to obtain a DoD 8570 IAT Level 3 (CISSP, CASP, etc.) and a database certification (e.g., OCP, CMDBA, MSDBA, MS SQL Server, etc.) within 6 months upon arrival on site.
- Must possess or being willing to obtain a MCP and UNIX/Linux certification within a defined timeframe
- Minimum Bachelor’s degree and 2 years experience, Associates degree with 4 years experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science.
- Database administrator experience (Oracle, MS SQL Server, MySQL, etc.) (5 years).
- Database Certification (MySQL, MSSQL, Oracle)
- System administrator experience (Windows, UNIX) (5 years).
- Hands on experience with and knowledge of SQL (5 years).
- Experience in working with and in a network systems security environment with a focus on database administration and security (5 years).
- Networking and web application knowledge and experience.
- Must complete customer pre-screen, skills assessment lab, pass customer training and certification program and remain mission ready qualified.
- Self-motivated with minimal supervision.
- Analytical with the ability to understand and implement customer objectives.
- Familiarity with DISA STIGs and experience in conducting DoD vulnerability and compliance assessments.
- MCP Certification (within 6 months of hire)
- UNIX/Linux Certification (within 6 months of hire)
- Experience or familiarity with military operations highly desirable.