BreakPoint Labs is seeking a Boundary Assessment Team Analyst. This position is remote. BreakPoint Labs was founded in 2015 as a highly technical cybersecurity services firm headquartered in the National Capital Region.
BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency, BreakPoint Labs is developing and leveraging technology to enable a more secure cyberspace.
The position will be responsible for the following:
– Perform remote threat assessments of 40 service delivery points a year and provide a written report of findings and provide recommended remediation to new DREN and SDREN RDT&E customers.
– The goal of the remote threat assessments is to enumerate exploitable flaws from the Internet’s perspective without causing impact to the target systems.
– Validate the customer attack surface utilizing industry known best practices for defending network terrain for DoD key task areas such as VPNs and Public Facing Websites.
– Assess cybersecurity capabilities through validating and testing the functionality of ACAS, HBSS, IDS, etc. and reporting findings for tracking and closure.
– Assessments will coordinate and identify security flaws and issues identified with the DoD Bug Bounty program.
– The BAT will follow a formal testing methodology with documented procedures to test systems vulnerabilities and misconfigurations, in order to maximize their reliability in the face of a cyber-attack.
– Prepare technical assessment reports for cybersecurity personnel and system administrators, and, conduct formal briefings for effective communication of system analysis results to leadership.
Required Experience:
– Bachelor’s Degree and five (5) years Information Assurance (IA) or related experience.
– Certified as an IAT-II (CISSP, CASP CE, CISA, etc.) within 60 days of hire.
– Certified as OSCP (Strongly Preferred)
– Certified as GWAPT, GPEN (Preferred)
– Knowledge of vulnerability scanning and testing tools (Nmap, ACAS/Nessus/SecurityCenter, Burp Suite Professional, Acunetix, Metasploit, EyeWitness, Whatweb, SQLMap, Shodan, Censys.io, and other tools as deemed appropriate for the mission.
– Knowledge of common DoD Cybersecurity Technologies (ACAS, HBSS, IDS, etc.)
– Ability to adapt to new testing Techniques, Tactics, and Procedures (TTPs) associated with realistic threats to improve vulnerability findings.
– Understanding of common attacker TTPs in order to perform threat analysis during assessments.
– Experience performing manual and automated DoD STIG compliance auditing on multiple technologies (Ex: Operating Systems, Web Applications, Databases, Etc.)
– Experience troubleshooting and understanding vulnerability scanning and testing tools and manual testing techniques to determine vulnerability findings that are missed.
Certifications Required: Security+ Continuing Education (CE) AND [CompTIA] Certified Ethical Hacker (CEH) [EC-Council]
Security Clearance Required: Secret
Education Level Required: Bachelor’s Degree in the Area(s) of Study Computer Science, Information Technology
