SME Aircraft Penetration Tester TGCB at Oasis Systems LLC
Location: Edwards Air Force Base
Oasis Systems has an exciting opportunity for a Avionics Penetration Tester located at the 47th Cyberspace Test Squadron Detachment 1 at Edwards AFB,CA. Do you thrive on completing objectives that others consider too complex? Do you enjoy solving problems that seem unsolvable? How would you feel about identifying and exploiting vulnerabilities of aircraft and weapon systems? Our team is responsible for testing the cutting-edge systems that keep America safe. If you are searching for a position where success is determined by your ability to think outside-the-box, and where unique challenges are not the exception but the norm, then keep reading.
The experience set we are searching for is pretty broad, but generally fits into 3 areas; IT system penetration testers, hardware/software reverse engineers, and embedded systems engineers. We realize that no one will have all of these qualifications. We are looking for people that can bring a strong foundation in one of the listed areas and are motivated to learn the others.
LOCATION: Edwards AFB, CA
JOB STATUS: Full-Time
TRAVEL: Yes.Must be able to travel to required meetings such as Engineering Design Reviews, Formal Qualification Tests, and other enterprise/program meetings.
REQUIRED QUALIFICATIONS (Education, Certifications, Experience, Skills)
SECURITY CLEARANCE: Top Secret clearance. Must be able to gain access to SCI and Special Access Programs within 90 days
EDUCATION: Master’s degree in a technical or applicable discipline
CERTIFICATIONS: Must be able to obtain DOD 8570 IAT Level 3 certification (CASP, CISSP, etc.) and/if IP Penetration Tester SME DOD 8570.01-M CSSP Analyst – Certified (CEH, GCIH, etc.) within 6 months of hire, and maintain certification throughout employment.
EXPERIENCE LEVEL: Regarded within the community of interest as a Subject Matter Expert in aircraft penetration testing. This skill level will oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
• US Citizenship
• Top Secret Clearance
• Cybersecurity job experience
• Cyber penetration test experience
• Analytical and problem-solving skills
• Strong leadership skills
• Understanding of network security/engineering
• Good organization, decision making, and verbal and written communication skills
• Excellent self-initiative and self-motivation with the ability to work under minimal supervision
• Ability to work effectively in small and large team settings to solve complex problems
• Knowledge of Windows and Linux (including Kali) Operating Systems
• Software development experience is desired, but at least some scripting experience in Python, Ruby or similar language is required
• Extensive experience with Windows and Linux Operating Systems
• Must be able to obtain DOD 8570 IAT Level 3 certification (CASP, CISSP, etc.) and/if IP Penetration Tester SME DOD 8570.01-M CSSP Analyst – Certified (CEH, GCIH, etc.) within 6 months of hire, and maintain certification throughout employment
• Extensive understanding of network security/engineering.
• Extensive knowledge of common wired and wireless network protocol structures.
• Experience with static and dynamic software analysis tools and techniques (i.e. fuzzers).
• Experience designing, building, or testing embedded systems.
• Experience with a non-IP bus protocol (CAN bus, Mil-Std 1553, ARINC 429, etc.).
• Experience with aircraft avionics is a plus.
• Experience with Radio Frequency (RF) and Datalinks is a plus
• Develop test tools and strategies for cybersecurity testing on DoD aircraft and weapons.
• Conduct independent compliance assessments, penetration testing, data collection, test automation, and reporting.
• Perform system security analysis on systems and/or software to understand and identify vulnerabilities.
• Execute hands-on testing which include significant technical skills with multiple operating systems.
• Provide technical guidance and expertise to test teams.
• Document and communicate test results effectively to technical and non-technical user groups in written and oral formats.
• Develop and document a standard, repeatable process for conducting MBCRAs and CVIs, ACDs, CVPAs, and AAs.
• Support the development of cyber test and evaluation procedures for aircraft, weapons, C4ISR, and IT systems.
• Document the system information requirements and work products needed by the Development Test & Evaluation (DT&E) and Operational Test & Evaluation (OT&E) communities to plan, execute and report on systems’ cyber test objectives.
• Provide requirements usable by programs to incorporate in statements of work, system technical requirements documents, Test and Evaluation Master Plans, DT&E and OT&E Entrance and Exit criteria, and other documents.
• Assist with developing and documenting Air Force guidance, and informing DoD guidance updates.
• Document recommendations for incorporating DT&E/OT&E cybersecurity deficiency reporting and watch items into standard DT&E/OT&E processes.
• Facilitate program MBCRAs.
• Assist with CVI, ACD, CVPA, and AA planning, execution, and reporting to achieve the above objectives, provide expertise and lessons learned, and apply process knowledge for systems under test
Who We Are
Oasis Systems is a premier provider of customer-driven, cost-effective and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, FAA, NRC and other federal agencies.
We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations; while supporting mission-critical national security technologies and programs.
Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available #mon
For Remote SME Aircraft Penetration Tester TGCB roles, visit Remote SME Aircraft Penetration Tester TGCB Roles
Lead P.NETration Tester at Five9
Location: San Ramon
For Remote Lead P.NETration Tester roles, visit Remote Lead P.NETration Tester Roles
Senior Security Compliance Specialist at Infinity Consulting Solutions
Our client, a worldwide media & entertainment company is looking for a Senior Security & Compliance Specialist to add to their GIS team.
• Assists in resolving security and compliance issues, as well as, developing processes, documentation and reports.
• Analyzes and reviews security findings and data and penetration testing results.
• Assist in monitoring and administering policies as directed.
• Represents the security needs of the organization by providing expertise and assistance in all GBTS projects with regards to security issues.
• Create, manage and maintain user security awareness Enforce security policies and procedures.
• Prepare status reports on security matters to develop risk analysis scenarios.
• Evaluate and develop approach to solutions.
• Proactively assesses potential items of risk and opportunities of vulnerability.
• Review vulnerability assessments and conduct gap analysis.
• Provides situation-based support, using in-depth knowledge of technology, to ensure systems are designed in accordance with and are aligned with Company security requirements; includes architecture assessments, secure development training, and conducting RTOs
• Develops technical monitoring, assessment and response solutions that meet current specifications
• Reviews and presents reports (eg, penetration test results, incident response metrics, forensics, network monitoring metrics), position papers, assessment recaps to team (peers) and next level of leadership within team
• Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
• Participate in all phases of Red Team Operations
• Support GIS AppSec Team with full manual penetration testing, tools development, and streamlining processes and procedures.
• Serve as a force multiplier, outside of the Red Team, to provide deep knowledge perspectives to enhance IT security controls across GIS
• 5+ years experience in related field.
• Solid knowledge of information security principles and practices.
• Knowledge of various Compliance policies and programs (PCI, SOX, Safe Harbor).
• Understanding of advanced security protocols and standards.
• Knowledge of various Compliance policies and programs (PCI, SOX, Safe Harbor).
• Domain knowledge in multiple technical areas.
• Ability to work on most phases of functional requirements.
• Experience with performing Red Team Operations
• Expert level web application and network penetration testing skills
• Experience working with assessments tools/frameworks like Burp, Nessus, Metasploit, Mimikatz, and Cobalt Strike
• Experience customizing/developing in-house scripts and tooling
• Experience working with Scripting and development languages like Bash, Powershell, Python, Perl, Ruby, PHP, C/C+,C#, and Java
• In-depth knowledge of operating systems (Unix/Linux, Windows, and Mac)
• In-depth knowledge of networking protocols and systems administration
One or more of the following certifications:
• OSCP – Offensive Security Certified Professional
• OSWE – Offensive Security Web Expert
• GPEN – GIAC Penetration Tester
• GIAC – GIAC Web Application Penetration Tester One or more of the following certifications:
• OSEP – Offensive Security Certified Expert
• GXPN – GIAC Exploit Researcher and Advanced Penetration Tester
Web Reference : AJM/260208146-764
Posted Date : Wed, 07 Sep 2022
To apply for this position you will complete an application form on another website provided by or on behalf of Infinity Consulting Solutions. Please note IT Jobs for ColU Fans is not responsible for the application process on any external website.
For Remote Senior Security Compliance Specialist roles, visit Remote Senior Security Compliance Specialist Roles