Seize your opportunity to make a personal impact as a Network Vulnerability Analyst supporting the Research, Development, Test, and Evaluation (RDT&E) at the Naval Information Warfare Center in San Diego, CA. At GDIT, people are our differentiator. As a Network Vulnerability Analyst, you will help ensure today is safe and tomorrow is smarter. Our work depends on a Network Vulnerability Analyst joining our team to work with a variety of subject matter experts covering the full breadth of cybersecurity and learn from their expertise. HOW OUR NETWORK VULNERABLITY ANALYST WILL MAKE AN IMPACT: Perform penetration testing against a variety of applications using customer-provided tools
Perform proof of concept on new exploits to determine if supported networks are vulnerable
Ensure signature-based scanning tools are operational
Draft and review Standard Operation Procedures and Proofs of Concept
Prepare and assist with Command Cyber Readiness Inspections WHAT YOU NEED TO SUCCEED (Required): Security Clearance Requirements: Active Secret clearance.
Required Experience: 4 years of experience
Experience with vulnerability and configuration compliance scans using automated tools to include, but not limited to ACAS, SCAP Compliance Checker, and McAfee Policy Auditor.
Experience with penetration testing that identifies weaknesses in web applications, supporting infrastructure, and endpoints.
Knowledge of security testing environments and tools, to include but not limited to Kali, Metasploit, Burp Suite, Wireshark, and Fiddler.
Experience enumerating vulnerabilities and performing exploits on the vulnerabilities to include, but not limited to remote code execution, privilege escalation, XML external entity, Cross Site Scripting (XSS), SQL injection, man-in-the-middle, session hijacking, and Cross-Site Request Forgery.
Experience with operating and maintaining a passive vulnerability/network vulnerability monitoring capability using Nessus Network Monitor or similar tools for gathering and analysis of packet capture, session data, transaction data, alert data, and event correlation.
Experience with assisting administrators of vulnerable systems to test and implement patches, hot fixes, and countermeasures to mitigate findings.
Be familiar with collaborating with infrastructure teams to drive remediation of reported vulnerabilities through risk/threat-based assessment of security controls and tools.
Knowledge of DoD IAVM: deadlines, announcements, assess applicability, and plan responses.
Be familiar with researching and documenting remediation strategies for vulnerabilities, and build custom reports for data calls.
Experience with articulating risk and business impact to stakeholders to include applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE), and Open Web Application Security Project (OWASP) processes and remediation recommendations.
Experience with analyzing vulnerabilities, implement controls to prevent vulnerabilities, and establish infrastructure to support detecting and containing vulnerabilities.
Have knowledge of tools such as the Elastic Stack, SQL, stream editors, spreadsheet pivot tables, LDAP queries, Unix/Linux CLI, Nmap, tcpdump, Wireshark, shell scripting, and Puppet.
Be able to maintain and utilize Blue Team tools.
Have knowledge of current vulnerability trends and developing technologies, prioritize remediation efforts, and recommend best practices to improve the overall security posture of the network.
Experience with DoD STIGs
Scripting experience (PowerShell, BASH, or Python preferred)
Experience with virtual machines (vSphere, Virtual Box, KVM, QEMU)
Verbal and written communication skills.
Required Certification: CompTIA Security+ CE
Required Training: Microsoft Azure 801 and Linux + training certificates
Education: Bachelor's Degree in Computer Science, Information Systems, Engineering or other related scientific or technical discipline from accredited College/University
Location: Onsite in San Diego, CA.
US Citizenship Required. WHAT WE'D LOVE FOR YOU TO HAVE (Preferred): Knowledge of Burp Suite security tools
Experience with Kali Linux tools such as nMAP, TCPDump, WireShark
Knowledge of web development and HTML structure
Working knowledge of OSI network model and network traffic flow
Working knowledge of Windows Server core elements (Domain Controller, Active Directory, Registry, GPO creation, DISM, SCCM)
Medium to Advance knowledge of network configuration for switches and routers
Basic understanding of vulnerability research and exploitation
Basic knowledge of physical security
Basic knowledge of hardware exploitation
Basic knowledge of Cloud core elements
Penetration testing experience GDIT IS YOUR PLACE: 401K with company match
Comprehensive health and wellness packages
Internal mobility team dedicated to helping you own your career
Professional growth opportunities including paid education and certifications
Cutting-edge technology you can learn from
Rest and recharge with paid vacation and holidays Work Requirements
Date Posted: 03 April 2025
Apply for this Job