Technology Vulnerability Analyst - Entry to Experienced (Maryland)

Responsibilities

Are you an emerging or seasoned network professional who wants to work our nation's tough cybersecurity problems? Do you enjoy deeply technical, hands-on work? Do you want to identify vulnerabilities in network infrastructure devices and then figure out how to deal with them? Are you looking to make an impact in cybersecurity and advance your career while enjoying the outstanding benefits of federal service? Technology Vulnerability Analyst at NSA have the opportunity to work in the following areas: - Wired and wireless network security - Vulnerability discovery and analysis - Scalable mitigations development - Perimeter/boundary defense - Collaboration platforms, such as VoIP and VTC systems - Mobile network security - Tailored security solutions - Reverse engineering - Researching emerging network industry technologies and solutions - Control system security - Malware analysis - Researching emerging network industry technologies and solutions - Ensuring adequacy of cybersecurity standards and configurations - Fusing vulnerability assessments from all sources into a unified picture of network risk If you routinely visit network security websites or you attend network security conferences or maintain your own network; we would like to talk to you! If you are a computer hobbyist, enjoy setting up new networks, love the Black Hat / DEFCON Briefings, and Capture the Flag events; then you need to talk to us!

Job Summary

The professionals at the National Security Agency (NSA) have one common goal: to protect our nation. The mission requires a strong offense and a steadfast defense. The offense collects, processes and disseminates intelligence information derived from foreign signals for intelligence and counterintelligence purposes. The defense prevents adversaries from gaining access to sensitive of classified national security information. Technology Vulnerability Analysts detect and mitigate close access technical attacks unintentional (TEMPEST) threats emanating from secure facilities and equipment. As a TEMPEST Technology Vulnerability Analyst, responsibilities include: - Performing TEMPEST field testing to discover vulnerabilities in systems and facilities - Providing Subject Matter Expert (SME) support to the DoD and Government agencies to ensure that TEMPEST, TSCM, and/or WISEC requirements are applied equally throughout the Intelligence Community (IC) - Performing TEMPEST laboratory / facilities testing to ensure that TEMPEST certification meets the current National TEMPEST requirements - Performing TEMPEST testing of Commercial Off ' The ' Shelf (COTS) equipment to discover the extent of vulnerabilities for countermeasure purposes Modernize TEMPEST related IA standards, policies and procedures - Performing technical and operational functions in radio frequency (RF) survey, physical (structural, network) evaluations - Performing audits, inspections and investigations in accordance with government regulations and make appropriate recommendations for improvement - Performing research and development on future TEMPEST/TSCM countermeasures Start your career as a Technology Vulnerability Analyst at NSA, where you can become an expert in networking protocols and architectures, cloud security, and Internet of Things protocols, to impact and advance traditional network security.

Qualifications

The qualifications listed are the minimum acceptable to be considered for the position. Degree must be in Computer Science or a related field (e.g., Engineering, Physics, Mathematics, Computer Forensics, Cybersecurity, Information Technology, Information Assurance, and Information Security). Relevant experience must be in vulnerability analysis and/or computer forensics. In addition, experience may include the following: computer or information systems design/development, coding, information/cyber/network security, information assurance, systems engineering, and/or network and/or system administration. Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience). ENTRY/DEVELOPMENTAL Entry is with a Bachelor's degree and no experience. An Associate's degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. SENIOR Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 years of relevant experience, or a Doctoral degree plus 2 years of relevant experience. An Associate's degree plus 8 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.

Competencies

The optimal candidate is someone with strong problem-solving, analytical, communication and interpersonal skills and who has knowledge or experience in several of the following areas: - defending against and/or mitigating system vulnerabilities, including at the infrastructure, host and enterprise levels - intrusion detection and incident response - network operating systems and network data/traffic analysis - scripting languages (e.g., PowerShell, Python) - software reverse engineering - fuzzing - virtualization - penetration testing - ports, protocol and services analysis - vulnerability detection and analysis - network security devices (e.g., firewalls, intrusion and detection systems) - packet analysis - malicious code analysis - SCADA and Control Systems Devices