Job Archives

BHT Solutions is currently seeking experienced Cyber Vulnerability Analyst to support one of our contracts!

Role Description:

The Cyber Vulnerability Analyst is responsible for the delivery of continuous cyber assessments, solving complex technology problems, building tools, and identifying and influencing response to and mitigation of threats. Perform system architecture analysis to enumerate likely attack vectors and conduct static and dynamic analysis to identify vulnerabilities. Once vulnerability has been identified by the CVA or the penetration team, proof-of-concept exploit shall be developed from the finding to prove risk to the system. Focus will be placed on developing previously unknown or unidentified vulnerabilities in target systems. Further analysis will be required to characterize the impact of confirmed vulnerabilities on the system architecture, its environment, as well as provide recommended mitigations. These analysts will ensure services, applications, and websites are designed and implemented to the highest security standards. Responsible for application and hardware penetration testing, automating repetitive tasks using various scripting languages, mentoring, and leading other engineers to deliver complex penetration tests and vulnerability assessments. The analysts will be expected to drive automation, tooling, efficiency, and advance the teams penetration testing capabilities. Responsible for creating threat mitigation plans.

Will Be Required To:

  • Conduct system architecture analysis to develop a detailed understanding of the target system from an adversarial perspective. Identify the system’s security boundary by enumerating external interfaces to include, but not limited to: tactical data inputs, application programming interfaces, and network sockets.
  • Develop an attack matrix that includes the attack surface identified above and potential attack vectors that an adversary may try to exploit.
  • Using the attack matrix, prioritize potential attack vectors and conduct static and dynamic analysis on associated system components to discover novel vulnerabilities.
  • Perform vulnerability research and create scripted proof-of-concept exploits to apply exploits to multiple target systems.
  • Recommend mitigation strategies for all discovered vulnerabilities.
  • Summarize the results in system-specific reports that include the attack matrix, testing procedures performed, analysis of identified vulnerabilities, system environment and architecture impact, proof-of-concept code, and recommended mitigations.

Required Qualifications:

  • At least five years of recent hands-on penetration testing experience with operating systems, web applications, and network infrastructure.
  • Administrator-level knowledge of Windows and Linux operating systems.
  • Experience with operating system security.
  • Skilled with specialized tools and frameworks such as Ghidra, GDB, and Immunity debuggers to understand and perform binary exploitation.
  • Knowledge of the functionality and capabilities of computer network defense technologies, including router Access Control Lists (ACLs), firewalls, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), antivirus/Endpoint Detection and Response (EDR), and web content filtering.
  • Strong written and verbal communication skills, including the ability to explain complex technical topics to non-technical audiences.
  • Possess one of the following certifications, OffSec Certified Professional (OSCP) or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
  • Within 6 months of on-boarding achieve OSED certification.
  • In lieu of certifications candidate must be experienced in bug bounty programs with proven record of discovering zero-day vulnerabilities within binaries and executables.
  • Proficiency in scripting languages with a strong emphasis on automating tasks and developing tools to support vulnerability research efforts.

Job Features

Possess One Of The Following CertificationsOffensive Security Certified Professional (OSCP) GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Clearance:Secret

BHT Solutions is currently seeking experienced Cyber Vulnerability Analyst to support one of our contracts! Role Description: The Cyber Vulnerability Analyst is responsible for the delivery of continu...

On-Site
Posted 6 days ago

BHTS is currently seeking experienced Cyber Analyst to support one of our contracts!

Role Description:

Develop and implement security solutions in alignment with a security strategy. Maintain an awareness of market and technology trends to bring best-of-breed solutions to the client. Apply specific functional knowledge and working general industry knowledge. Develop and contribute to solutions to a variety of problems of moderate scope and complexity. Work independently with some guidance and review or guide activities of more junior employees. Due to the nature of work performed within this facility, U.S. citizenship is required.

Basic Qualifications:

  • 5+ years of experience with conducting ATOs, assessing NIST security controls, developing security documentation, and supporting artifacts as part of the accreditation process
  • Experience with reviewing architecture and design patterns for security compliance and proposed risk mitigation solutions in alignment with Federal security policies and technical standards
  • Experience with working in a fast-paced Agile team environment and assessing security controls for individual user stories
  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements

Additional Qualifications:

  • Experience with conducting security assessments on a large-scale Agile program, including Scaled Agile Framework
  • Knowledge of assessing security controls for hybrid infrastructure, including cloud and on-prem for COTS-based solutions
  • CISSP or a related Certification

Job Features

ClearanceApplicants must have an active IRS Public Trust preferably with IRS badge and laptop.
Education:Bachelor’s Degree

BHTS is currently seeking experienced Cyber Analyst to support one of our contracts! Role Description: Develop and implement security solutions in alignment with a security strategy. Maintain an aware...