Vulnerability Assessment Analyst

Req ID:314037

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Vulnerability Assessment Analyst to join our team in Chantilly (REMOTE), Virginia (US-VA), United States (US).

Vulnerability Assessment Analyst

All the duties listed below support one or more of the following cybersecurity related functions: Information Security, SPAA, Incident Response, Cybersecurity, Insider Threat, Computer Forensics, Vulnerability Assessment and Management, Network Data Capture, Intrusion Detection, Log Management, Auditing, Security Incident and Event Management (SIEM), and Penetration Testing.

Personnel assigned to this role will serve primarily on the Vulnerability Assessment & Penetration Testing (VAPT) team. However, this role may also support O&R and Security Engineering. This role is also responsible for coordinating both the client's Cybersecurity Services Section and other sections or divisions within the client agency.

Job Duties:

• Maintains records of vulnerability assessment and penetration testing activities.
• Coordinates with other government agencies to record and report vulnerability, risk, and penetration test assessments and results.
• Monitors Security Information and Event Management (SIEM) to identify security issues for remediation.
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event details and summary information to support penetration testing activities.
• Provide recommendations to improve the overall security posture of the government client's infrastructure based on vulnerability analysis, penetration testing results, industry reports, and incident activities.
• Communicates alerts to agencies activities to their network infrastructure, applications and operating systems.
• Assists with implementation of countermeasures or mitigating controls.
• Supports efforts to consolidate and conduct comprehensive analysis of threat data obtained from classified, proprietary, and open-source resources to provide indication and warnings of impending attacks against unclassified and classified networks.
• Supports Team Lead on developing recommendations for changes to Standard Operating Procedures and other similar documentation.
• Monitors and reviews logs from existing security tools and creates new security tool signatures to ensure maximum performance and availability.
• Performs all aspects of intrusion detection, log and audit management, network and database vulnerability assessment and compliance management, and security configuration.
• Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Also manages accounts, security devices, and patches, responsible for access control/passwords/account creation and administration.
• Analyze collected information to identify vulnerabilities and potential for exploitation.
• Provides support in the identification, documentation, and development of computer and network security countermeasures.
• Performs penetration testing on enterprise network, systems, or applications.
• Identifies network and operating systems vulnerabilities and recommends countermeasures.
• Supports the deployment and integration of security tools as needed.
• Prepares written reports and provides verbal information security briefings.
• Investigates, monitors, analyzes, and reports on information security incidents.
• Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.
• Use mitigation, preparedness, and response and recovery approaches, as needed to maximize information security.
• Tests, implements, deploys, maintains, and administers information system security infrastructure.
• Reviews intrusion detection sensors and log collection hardware and software to ensure systems are collecting relevant data to support penetration testing activities.
• Monitors all security systems to ensure maximum performance and availability.
• Analyze computer security threat information from multiple sources, disciplines, and agencies across.
• Performs on-demand vulnerability scanning, compliance monitoring, network mapping, assets discovery, and evaluations on web applications, databases, systems, networks, and applications.
• Performs day-to-day configuration and operation of production and test networks.

Basic Qualifications:

• Minimum 3 years of experience performing any combination of Information System Security, Security Assessment & Authorization, Cybersecurity, Computer Forensics, or Insider Threat.
• Minimum 3 years of experience to include:
  • Experience in blue or red team, vulnerability analysis and risk management, information system security, computer forensics, or insider threat.
  • Experience and knowledge in; vulnerability assessment, analysis, and mitigation; analyzing security system logs, security tools, and data; network monitoring, and intrusion detection using host based and network-based intrusion detection systems (IDS) and log management applications; testing, installing, patching, and upgrading computer hardware and operating systems (Windows, and UNIX) in an enterprise environment; identifying, collecting, processing, documenting, reporting, cyber security/incident response events; architecting, engineering, developing and implementing cyber security/incident response policies and procedures; engineering, testing, installing, patching, and upgrading various information security hardware and software applications. Examples of tools include SourceFire, Arcsight, Splunk, NetWitness, Guidance Software, Digital Guardian, SureView, Intelliview, Nessus, and Foundstone. Penetration testing experience for networks, web applications, and enterprise systems. Experience with Federal cybersecurity standards, industry best practices and guidelines.
• BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science,other technology-related discipline or equivalent including documented formal training.
  • High School Diploma 4 additional years of experience = Associate's Degree / Associate's Degree 4 additional years of experience = Bachelor's Degree
  • Any combination of certificates such as Microsoft's MCSE, or Cisco's, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience / information technology experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II or III may be considered equivalent to two (2) years of information security experience.
  • An additional four (4) of work experience in key areas listed above can be substituted for a bachelor's degree.
• Minimum of a Secret clearance with ability to obtain TS clearance.
• Ability to pass an agency-specific background check

Preferred Qualifications:

• Basic experience/scripting knowledge in Bash, Windows, Python, Pearl, etc.
• Experience in Recon, Vulnerability Testing and Exploitation of systems and infrastructure components
• Understands circumventing security countermeasures
• Social Engineering experience
• Working knowledge of tools such as Cobalt Strike, Metasploit, NMAP, and other exploitation frameworks
• Information security certifications, i.e., OSCP, CISSP, CEH, GPEN, GWAPT
• Discovery, Vulnerability Testing and Exploitation of web applications
• Solid understanding of web servers, middleware, database server components
• Working knowledge of tools such as AppScan, Webinspect, Arachni, w3af, Burp, fuzzers, Zap, etc.
• Familiarity with OWASP testing guidelines
• Ability to perform manual testing, SQL injection, and parameter manipulation.

Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is $69,768 - $145,350. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate's actual work location, relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance. This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, lifeand AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.

#FEDSEC

About NTT DATA

NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies.Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us atus.nttdata.com

NTT DATA endeavors to make https://us.nttdata.comaccessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us.This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.