Job Description

Description

SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia. At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.

The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas.

Responsible for simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize development, system administration and creativity skills. It is an opportunity for a team player to enhance a world-class team and learn new skills.

Qualifications

Qualifications 

• Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
  

• 3+ years Penetration Test experience performing full-scope penetration tests (discovery and exploitation of vulnerabilities) on network infrastructure, services, systems and desktop/web applications

• 3+ years’ experience reviewing, modifying and developing programs or scripts in one or more of the following: C++, C#, Assembly, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages to exploit systems/applications, analyze data, configure systems and automate tasks

• 2+ years or more testing, identifying and exploiting vulnerabilities in web applications (without the use of scanning tools)

• Current DoD SECRET clearance with the ability to be cleared up to TS/SCI 

Desired Qualifications

• Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
• Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
• Review custom applications source code for security flaws and vulnerabilities
• Research and formulate recommendations for vulnerabilities
• Penetration Test certifications like GXPN, OSCP, OSCE are a plus
• Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
• Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
• Develop proof-of-concept examples and scenarios for reports and live demonstrations
• Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and team members
• Ability to develop presentations and reports, document findings accurately; attention to detail is a vital skill
• Excellent communication and interpersonal skills; ability to convey findings in a tactful manner with the technical proficiency level appropriate to the skills and/or understanding of the audience.
• Critical thinking skills are a must

Overview

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability