Cybersecurity Technical Reviewer - Windows/Web/Database with Security Clearance
Apavo Corp
2024-11-06 07:40:43
Reston, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Cybersecurity Technical Reviewer - Windows/Web/Database Location: Reston, VA; Washington, DC; Northern Virginia National Capital Region Clearance: TS/SCI w/CI Poly Must be willing to travel up to 30%, including local travel within the National Capital Region (NCR) of Northern Virginia, Maryland, and Washington, DC. Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Our vision of cybersecurity as a holistic, ongoing journey enables us to offer solutions that effectively mitigate risks and address vulnerabilities within any enterprise. As the cyber landscape continuously evolves, so do we, ensuring our services not only meet but exceed the ever-changing needs of our mission-critical clients. From compliance assessments and vulnerability analysis to comprehensive information system security management, Apavo's suite of services is designed to protect and serve the most sensitive and significant sectors of our society. Joining the Apavo team means becoming part of a company rooted in the principles of integrity, quality, and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, Apavo is the place for you. Apavo is seeking a Cybersecurity Technical Reviewer with Windows web database expertise. This position will play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). This role is responsible for the following duties: Responsibilities: Conduct thorough inspections of Windows systems, including OS, Database Server, Web, Domain Controllers, Exchange, and Workstations. Analyze and assess system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, PL/SQL injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code. Perform reviews related to Windows 10 End of Support Schedules, Operating System Information, Hardware Information, Windows Secure Host Baseline, TPM, BitLocker drive encryption, patches, software installations, PowerShell commands, WMI, DSQuery, LDAP, user rights, group membership, password management, system security settings, Group Policy, Local Security Policy, file and share permissions, registry settings, logging, retention settings, collection options, and centralized log aggregation. Engage with leadership and site technical staff to facilitate scoping, data support, and execution of operational inspection plans. Conduct interviews with organizational subject matter experts for STIG, SRG, and IC policy checklists. Collect and review data to support comprehensive Threat Informed Critical Controls List (TICCL) and provide input on security controls, potential vulnerabilities, and MITRE ATT&CK techniques. Plan, execute, and report on security audits and network vulnerability assessments. Assist in the preparation of assessment deliverables, including Security Risk Assessments, compliance data, and STIG data. Communicate the impact of vulnerabilities through presentations and written reports. Plan, execute, and report on information technology, privacy, and operational reviews to identify risks. Required Knowledge, Skills and Abilities Education: Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, Information Systems, or a related technical discipline. Four additional years of relevant experience may substitute for a degree. Certifications: DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III. Experience: 12 years of experience or an equivalent combination of education, professional training, or work experience. Skills: Strong independent work ethic, exceptional communication skills, ability to work unsupervised. Preferred Qualifications: Minimum 8 years as a system administrator for Windows systems. Experience in a DoD or Intelligence Community environment. Ability to develop vulnerability-based vignettes for cyber tabletop exercises. Demonstrated ability to collaborate across departments to implement cybersecurity principles effectively. Skilled in identifying network anomalies and applying cybersecurity and privacy principles. Excellent multitasking, time management, and comprehensive understanding of cyber threats and vulnerabilities. Join us at Apavo and become part of a company committed to integrity, quality, and communication. If you're ready to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, apply now! Apavo Corporation is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Apavo Corporation takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.