Risk and Assessment - SME 0010RAWFH - 1500

Clearance Level: Able to Obtain Security Clearance (Desirable Secret)

US Citizenship: Required

Job Classification: Part-Time On-Call (Moonlighting)

Location: Remote

Years of Experience: 5

Education Level: Bachelors or 7 years of experience

Position Description: 

Global InfoTek Inc. is looking for an experienced Risk and Assessment SME to:

• Assess threats and vulnerabilities, determine deviations from acceptable configurations, enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations. 

• Conducts Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing. 

 Required Technical Skills:

• Network Mapping: Understand how to use tools and techniques to identify devices, servers, and other network components.
• Vulnerability Scanning: Use tools like Nessus, Qualys, or OpenVAS to identify known vulnerabilities.
• Phishing Assessment: Conduct social engineering tactics and use tools to simulate phishing campaigns.
• Wireless Assessment: Knowledge of wireless network security and ability to use tools like Aircrack-ng or Kismet.
• Web Application Assessment: Proficient in using tools such as OWASP ZAP, Burp Suite, and understand the OWASP Top 10 vulnerabilities.
• Operating System Security Assessment (OSSA): Learn about secure configuration, patch management, and tools specific to various operating systems (like Microsoft, Linux/Unix, etc.).
• Database Assessment: Able to assess database security using tools like SQLmap and how to secure SQL and NoSQL databases.
• Penetration Testing: Skilled in ethical hacking, using tools like Metasploit and the PTES and OSSTMM methodologies.

Required Training:

• NIST SP 800-53 (Security and Privacy Controls)
• SP 800-37 (Risk Management Framework)
• SP 800-30 (Risk Assessment)
• NIST SP 800-61 (Incident Response Frameworks)

Desirable Certifications and Training:

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• CompTIA Security+

Global InfoTek, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin. 

About Global InfoTek, Inc. Reston, VA-based Global InfoTek Inc. is a woman-owned small business with an award-winning track record of designing, developing, and deploying best-of-breed technologies that address the nation's pressing cyber and advanced technology needs. For more than two decades, GITI has merged pioneering technologies, operational effectiveness, and best business practices to rapidly provide low-cost, agile solutions to DoD, DHS, and IC customers. In addition to its Reston office, GITI has operations in San Antonio, TX, Colorado Springs, CO, and Rome, NY. 

Tags