Overview:
Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and (8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Shalimar, FL; and Tupelo, MS

Mission: As a member of the NGA DEFENDER Computer Network Exploitation team, the contractor executes computer network operations via penetration testing and emulating Advanced Adversaries, Insider Threats, and Purple Team against NGA systems for the purpose of strengthening information system security. Cyber Vulnerability Assessment Analysts will help develop and execute plans leveraging multiple cyber threat Tactics, Techniques and Procedures (TTP's) to breach and/or exfiltrate data in such a way as to minimize the risk of detection by a Security Operations Center (SOC). The positions also require the ability to protect data successfully exfiltrated from a targeted network and to provide mitigations to its exploits or observations that are resource-realistic, systemic, and actionable to buy down risk. This position is available immediately and supports the National Geospatial-Intelligence Agency (NGA) onsite at NGA headquarters in Springfield, VA.

Responsibilities:

The ideal candidate will assist the customer in providing advanced level technical and engineering support to sensitive and highly regulated Computer Network Exploitation (CNE) operations designed to identify vulnerabilities subject to Advanced Persistent Threats (APT) or other emerging, time sensitive cyber threats on the customers networks. This includes:

• Performing assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
• Developing measures of effectiveness for defense-in-depth architectures against known vulnerabilities.
• Identifying systemic security issues based on the analysis of vulnerability and configuration data.
• Applying programming language structures (e.g., source code review) and logic.
• Sharing meaningful insights about the context of an organization's threat environment that improve its risk management posture.
• Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Requirements:

• BD degree and Masters a plus (required for Advanced) in Computer Science or Information Systems or other technically relevant degree; Note: 6-10 years of direct cyber vulnerability assessment experience may be accepted in lieu of Bachelors or Masters and/or a combo AS certifications listed below
• Knowledge of Government standards for data security such as markings, handling of classified and unclassified information, and how to handle the distribution of this information
• Knowledge of computer networking concepts and protocols, and network security methodologies, risk management processes (e.g., methods for assessing and mitigating risk), and laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber threats and vulnerabilities, and operational impacts of cybersecurity lapses.
• Knowledge of cryptography and cryptographic key management concepts and host/network access control mechanisms (e.g., access control list, capabilities lists, etc.).
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Must have security clearance-TS/SCI eligible, subject to CI Polygraph
• Certifications: IAT Level 2

Desired/Preferred Skills

• Conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Assessing the robustness of security systems and designs.
• Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
• Mimicking threat behaviors and the use of penetration testing tools and techniques.
• Using network analysis tools to identify vulnerabilities. (e.g., fuzzing, Nmap, etc.).
• Reviewing logs to identify evidence of past intrusions and conducting application vulnerability assessments.
• Conducting ethical hacking and penetration testing following established principles and techniques.
• Formally apply if you have one of these certifications (e.g., OSCP, OSCE, OSEE, GSE, GXPN, CPT)

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.