Security Analyst/ Test Engineer

Position Responsibilities :

• Conduct penetration testing of the system under test to test the system’s ability to perform its mission.
• Prepare and monitor Master List of Findings (MLOF) and Plan of Action and Milestones (POA&Ms) in support of risk mitigation efforts including scans, appropriate checklists, and T&E findings.
• Test individual components of a control system, including, but not limited to, embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications, etc.
• For FRCS, perform authorized simulated attack on systems, to exploit security weaknesses, potentially gaining access to the system’s features and data.
• Create penetration reports that assess potential impacts to the organization and suggest countermeasures to reduce risk.
• For FRCS such as AMI, BCS, UCS Develop procedures of identifying, quantifying, and prioritizing the vulnerabilities in a system.
• Support high-fidelity simulations of Navy shore control system networks.
• Perform risk analysis and provide recommendations for control systems vulnerability finding reports.
• Utilize the CSE approved automated vulnerability assessment tools such as Security Readiness Review (SRR) scripts, and DISA Security Checklists to verify comprehensive and complete implementation of security requirements.
• Complete vulnerability assessments that validate a device under test is executing only its original operating system or firmware image, plus any upgrades and patches provided by the device manufacturer or vendor, and approved programming and configuration changes performed by authorized installers or operators.

Required Experience :

• DoD Secret Clearance
• Graduate Degree from an accredited University OR Certified Ethical Hacker (CEH); Certified Information Systems Security Professional (CISSP);

Certified Security Analyst (CSA); or Licensed Penetration Tester (LPT)

• Minimum certification as IAT Level II per DoD 8570.01, or successor.
• Demonstrated experience in conducting black / white / grey box penetration testing of IT / OT systems, capture-the-flag events, and cyber tabletop exercises.

Thorough in-depth knowledge of networking, scripting, and intermediate skills in programming. Extensive knowledge and experience with common penetration tools such as NMAP, core impact, John the Ripper, Hydra, Metasploit, etc.

Ability to manage time well to meet assigned milestones

TIAG is an equal opportunity and affirmative action employer that does not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

TIAG's policy applies to all terms and conditions of employment. To achieve our goal of equal opportunity, TIAG maintains an affirmative action plan through which it makes good faith efforts to recruit, hire, and advance in employment qualified minorities, women, individuals with disabilities, and protected veterans.