Vulnerability Assessor
Amarillo, TX 
Posted 1 day ago
Job Description

Location: Amarillo, TX
Job Title: Vulnerability Assessor
Career Level From: Associate
Career Level To: Senior Specialist
Organization: Chief Information Security Off (50003144)
Job Specialty: Cyber Security

What You'll Do

The Vulnerability Assessor is responsible for analyzing key data streams and interpreting threats, vulnerabilities, impacts, and likelihood of asset exposure. The aggregation of ingested data informs analysis with key identifiers to generate a holistic view of the enterprise and provide recommended mitigations and/or remediation of possibly exploitable assets. The assessor also assists Vulnerability and Compliance Assessment Management with cyber analysis to support exception requests. The assessor is responsible for cybersecurity assessment and analysis and provides recommendations for enterprise-level system and application designs. The role involves a wide range of cybersecurity areas, including system architectures, firewalls, inspection and analysis tools, encryption components, and networking architectures, as well as security reporting and analysis to regulatory agencies.

Knowledge and Abilities:

  • Identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Cyber threats and vulnerabilities.
  • Specific operational impacts of cybersecurity lapses.
  • Application vulnerabilities.
  • Cryptography and cryptographic key management concepts.
  • Host/network access control mechanisms (e.g., access control list, capabilities lists).
  • Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • How traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Programming language structures and logic.
  • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Systems diagnostic tools and fault identification techniques.
  • What constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
  • Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • System administration, network, and operating system hardening techniques.
  • Cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

What You Can Expect
  • Meaningful work and unique opportunities to support missions vital to national and global security
  • Top-notch, dedicated colleagues
  • Generous pay and benefits with a stable organization
  • Career advancement and professional development programs
  • Work-life balance fostered through flexible work options and wellness initiatives

Minimum Job Requirements
  • Bachelor's degree in engineering/science/information technology discipline.
  • Master's degree in engineering/science/information technology discipline.
  • Eight or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting.
Preferred Job Requirements

Why Pantex and Y-12?
You get #morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Pantex and Y-12, you can build a career that lasts a lifetime.

Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.

If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.

Requires a Q clearance; however, all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.

Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10 CFR 709. Medical requirements may apply.

CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.

CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity, age, religion, national origin, ancestry, genetic information, disability or veteran status.


Job Summary
Company
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: 8+ years