Join our Talent Network >

NASA IV&V Vulnerability Researcher & Exploit Developer

Job ID: 202552
Location: FAIRMONT, WV, United States
Date Posted: Feb 25, 2020
Category: Cyber
Subcategory: Cyber Sec Analyst
Schedule: Full-time
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: TS/SCI
Potential for Teleworking: No

Share: mail

Job Description

Description

SAIC is the sole provider of Systems and Software Assurance Services to the NASA Independent Verification and Validation (IV&V) Program located in Fairmont, West Virginia.  At the NASA Katherine Johnson IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms.

 

The successful candidate will learn to work independently and as a member of a team in one or more of these IV&V projects or other IV&V Program functional areas.  Responsibilities includes simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize development/programming, live testing, system administration, reverse engineering, vulnerability assessments, system/network hardening, penetration testing and ultimately creativity skills. It is an opportunity for a team player to enhance a world-class team and learn/teach new skills.


Daily Responsibilities:

  • Experience conducting advance host/network/application penetration testing as a member of a technical team on live/operational systems
  • Perform reverse engineering and static/dynamic test of desktop/web applications to find security flaws like zero-day vulnerabilities
  • Review custom applications source code for security flaws and vulnerabilities
  • Perform full-scope penetration test activities like zero-day discovery, exploit development and exploitation of vulnerabilities on operational network infrastructure devices, services, various operating systems and desktop/web applications
  • Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
  • Capable of doing the necessary research and development to produce TTPs and products (e.g. exploits, applications, etc.) to achieve systems exploitation
  • Be able to review, modify and develop software programs or scripts in Assembly, C++, C#, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages for systems/applications exploitation, data analysis, systems configuration and task automation
  • Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
  • Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools
  • Informed in current information security threats, trends and vulnerabilities
  • Research and formulate recommendations for vulnerabilities
  • Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
  • Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
  • Develop proof-of-concept examples and scenarios for reports and live demonstrations
  • Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and other team members


Qualifications

Qualifications 
  • Bachelors and nine (9) years or more of cyber experience; Masters and seven (7) years or more cyber experience ; PhD or JD and four (4) years or more cyber experience. In lieu of a degree, 13 years of IT experience with 9 years or more of cyber related experience. 
  • 3+ years conducting advanced host/network/application penetration testing as a member of a technical team on live/operational systems  (knowledge must be beyond Metasploit Frameworks and vulnerability scanning tools).
  • Ability to find/identify zero-day vulnerabilities through reverse engineering, source code review and dynamic/static testing. 
  • Previous coding and development of exploits/proof of concepts (PoCs) as well
  • Current DoD SECRET clearance with the ability to be cleared up to TS/SCI 

Desired Qualifications

 
  •  ICS/SCADA, Cloud Computing are a plus
  • Penetration test certifications like GXPN or OSCP are a plus 


Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

Share: mail

Similar Jobs

Cybersecurity Lead

United States
Cyber

Cybersecurity Engineer Principal

United States
Cyber

Cyber Engineer/Architect and Program Engineering Staff

FAIRMONT, WV, United States
Cyber

Cyber Threat Intel Analyst

FAIRMONT, WV, United States
Cyber

NASA IV&V Vulnerability Researcher & Exploit Developer

FAIRMONT, WV, United States
Cyber

Provide your information to receive jobs that fit you by keywords, location, and more,
and then receive great opportunities based on your skills and experience.

Join our Talent Network >