4 days old

Cyber Vulnerability Analyst/Researcher

Red Bank, NJ 07701
Apply Now
Apply on the Company Site
Business Group Highlights

Perspecta Labs

Perspecta Labs generates transformative applied research to fuel solutions for our customers unique challenges. We are a self-sustaining research center within Perspecta that provides applied research and engineering to enable government agencies, utilities and commercial enterprises to fully exploit the future of communications, analytics and cyber security.


Responsibilities

Perspecta Labs delivers world class cyber research and engineering to government agencies, telecom carriers, utilities, and commercial enterprises. Drawing on its Bell Labs heritage, Perspecta Labs excels at creating innovative technologies and services to solve the most difficult and complex problems, shaping the state of the art in government and commercial cybersecurity. We are looking for a candidate with a background in software development, networking and cybersecurity for a Full-Time position in our Information Assurance and cybersecurity professional services and research group.

Candidates will work as part of a team and on an individual level to

  • Perform hands-on cyber vulnerability and risk assessments, penetration testing and security controls validation on embedded systems/IoT devices, web applications, network infrastructure, wired and wireless systems,
  • Work in a lab environment to set up equipment and validate system operation before security testing,
  • Support threat analysis and targeting in systems under test,
  • Evaluate security risk of discovered weaknesses and vulnerabilities,
  • Support research programs in cyber vulnerability assessment.

This position is not about running automated vulnerability scan tools. Candidate requires problem-solving skills and innovative thought to devise and test scenarios to circumvent security controls, discover weaknesses and analyze results. Candidate should possess an investigative mind and be able to quickly adapt and apply security concepts to different technologies. Candidate should be comfortable exploring zero-day vulnerabilities of technologies, ideating new attack scenarios and developing scripts and small programs to validate a vulnerability. Candidate should be interested in constant learning, enjoy technology and be comfortable with hands-on software and hardware exploration.

Candidate must be comfortable working in a fast-moving environment with multiple simultaneous projects, short cycle projects requiring a quick ramp-up and exposure to a wide range of technologies.


Qualifications

Bachelors degree in Computer Science or related field with 0-5 years relevant work experience OR a Masters degree.

Requirements:

  • Experience in identifying and exploiting vulnerabilities in web applications, client/server applications, network infrastructure, wireless networks, Industrial Control Systems.
  • Familiarity with web application development, client-side and server-side web technologies, and OWASP web weaknesses.
  • Basic proficiency in one or more of the following languages:
    • C, C++, Python, Java, SQL, Unix shell programming, XML, HTML
  • Basic proficiency in one or more of the following security tools:
    • JAVA Decompilers, Web proxies (Paros, Burp Suite Professional), Nessus, Burpe Suite, Nipper, Kali Linux, Nmap, Wireshark, Tcpdump, Scapy, Ghidra, OllyDbg, IDA Pro and other tools
  • Working Technical knowledge of:
    • Linux and Windows Operating Systems
    • IP Networking
    • Web application development
    • Basic Cloud technologies
    • General Linux and Windows application development and scripting capabilities, e.g. interfacing using standard data exchange formats such as json, xml, etc., network programming, interfacing with databases, hardware ports, etc.
  • Ability to analyze packet captures, understand network protocols, and craft customer packets.
  • Exposure to IoT wireless protocols (e.g., 802.15.4, ZigBee) and signal capture using software defined radios.
  • Interest in reverse engineering embedded system hardware and code disassembly
  • Strong written skills and ability to write client analysis reports and presentations in draft format for team review.
  • Experience with code analysis and code reverse engineering.

Preferred

  • Computer and network emulation, containerization, and virtualization and use of binary analysis and debugging tools.
  • Ability to investigate and assess embedded systems including I/O ports, firmware images, filesystems, FLASH storage, bus signals, etc.
  • Familiarity with industry security standards such as NIST CSF, 800-53 controls assessments and the ability to identify and utilize standard documents as required for projects.
  • (ISC)2 Certified Information Systems Security Professional (CISSP), equivalent certificate or willing to work toward acquiring certification.
  • U.S. Citizens strongly preferred - permanent residents may be considered if highly qualified.
  • Active security clearance or ability to acquire the appropriate clearance.

About Perspecta

What matters to our nation, is what matters to us. At Perspecta, everything we do, from conducting innovative research to cultivating strong relationships, supports one imperative: ensuring that your work succeeds. Our company was formed to bring a broad array of capabilities to all parts of the public sectorfrom investigative services and IT strategy to systems work and next-generation engineering.

Our promise is simple: never stop solving our nations most complex challenges. And with a workforce of approximately 14,000, more than 48 percent of which is cleared, we have been trusted to do just that, as a partner of choice across the entire sector.

Perspecta is anAA/EEOEmployer - Minorities/Women/Veterans/Disabled and other protected categories.

As a government contractor, Perspecta abides by the following provision

Pay Transparency Nondiscrimination Provision

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c).

Industry

  • Information Technology
Posted: 2020-10-17 Expires: 2020-11-16

With offerings in mission services, digital transformation and enterprise operations, our team of 14,000 engineers, analysts, investigators and architects work tirelessly to create innovative solutions. We have the expertise and experience not only to devise solutions, but to execute on them successfully.

Featured Job

Featured Employer

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Cyber Vulnerability Analyst/Researcher

Perspecta
Red Bank, NJ 07701

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast