Cyber Threat and Exploit Analyst, Lead in Quantico, VA at Booz Allen Hamilton Inc.

Date Posted: 9/23/2018

Job Snapshot

Job Description

Job Number: R0033264

Cyber Threat and Exploit Analyst, Lead

Key Role:

Provide the capabilities necessary to review exploit code and its associated vulnerabilities, discover enterprise security discrepancies, assess associated risks, and assist with the development of remedial action in coordination with a mitigation team. Lead a team in the thorough analysis of the capabilities and effects of adversary tactics, techniques, and procedures (TTPs) within the network to improve the overall defense posture. Coordinate and execute external security assessments to discover vulnerabilities in a production environment. Prioritize mitigation actions based on assessed risk upon discovery of critical exploits and vulnerabilities within the lab and production environments. Conduct, analyze, and review penetration tests and Joint Red Team assessment results to develop Cyber defense recommendations. Maintain a lab environment to test adversary tactics, techniques, and procedures. Analyze the creation of repeatable data analysis processes that identify the attributes and indications of targeted activity for profile development.

Basic Qualifications:

-5+ years of experience with assessments, including penetration tests of systems and networks in a DoD network environment

-5+ years of experience with developing exploit code for network and system penetration testing

-5+ years of experience with penetration testing of Web applications

-5+ years of experience with developing specialized applications for the assessment and security testing of Web applications

-5+ years of experience with developing and maintaining custom applications that exploit known system vulnerabilities or system mis-configurations to gain system command and control during Red Team operations

-Top Secret clearance

-HS diploma or GED

-DoD 8570 IAT Level III Certification, including CISA,CASP, CISSP, or GCED

-DoD 8757 CSSP Auditor Certification, including CISA, CEH, or GSNA

Additional Qualifications:

-Experience in implementing or assessing compliance with a DoD, Department of Navy (DON), or US Marine Corps (USMC) CND policies, regulations, and compliance documents

-Experience in assessing compliance with security controls and DoD Secure Technical Implementation Guidelines (STIGs) supporting the DoD IA Certification and Accreditation Process (DIACAP) and Risk Management Framework (RMF)

-Experience with providing the support required to maintain the Government’s CSSP accreditation per the standards set forth in the CSSP program manual, DOD -8530.1-M

-BA or BS degree in IT or CS

-Completion of Red Team Operations Course

-Professional level certification in one or more technical fields, including a computing environment (CE), such as Windows, UNIX, or Red Hat Linux


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.


Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.