saBeltsville, MD

Secret Required

5 +

Preferred Requirements:

• CISSP
• SANS GREM
• SANS GCIH and/or GCIA
• Certified Ethical Hacker
• Basic knowledge of Java, C, and/or C++

Project Overview:
The Integration Lead’s overall goal is to maintain awareness of, curate, and triage current threats the CIRT should proactively monitor for and respond to. Sources for information would be open source, classified, and via liaison with internal threat intel teams. An excellent verbal communication, reporting and presentation skills is a must.

Daily Responsibilities:
Determine the best way for the CIRT to put the information to use. The candidate MUST have an excellent understanding of how a CIRT functions and the typical technologies it leverages. For example:

• Should an IDS signature be made?
• What technology do we have, or should we use to detect the threat?
• Is it sufficient to make CIRT analysts aware of the information or TTP? If so, which teams need to know and how can they use it?
• Continuously internally evangelize and promote how and why threat information should be and is important in driving CIRT actions
• Create short situation reports as required.
• Maintain and regularly update an MS Teams channel dedicated to CIRT/Department of State related Threat intelligence.
• Assist with developing training opportunities for junior analysts.

Although the position does not currently have any direct reports, the Threat Lead will be part of the CIRT upper Management team. As such, the position should have a good understanding of how a CIRT functions, and the technologies involved so that they can be leaned on to help move the CIRT forward.

Provides Penetration testing and Vulnerability Analysis support to a cabinet level federal agency. Contributes to a team of information assurance professionals working to improve technical security posture. Duties include writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.Must possess six (6) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging technologies. The candidate must have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling. Be a selfstarter with, keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player. In addition the candidate must possess the following skill set:

• Able to conduct Penetration Tests and Vulnerability Analysis using Automated and Manual TTPs.
• Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
• Must be able to use at least two of the following proficiently and instruct others on them:
• Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
• Must have solid working experience and knowledge of Windows and Unix/Linux operating system
• Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, assessing network device configurations, and operating systems (Windows/nix) • Scripting (Windows/nix), Bash, Python, Perl or Ruby, Systems Programming
• Strong familiarity with at least one of the following: OWASP top 10, PTES and NSA Vulnerability and Penetration Testing Standards.
• Must be able to work alone or in a small group

• Performs Penetration Tests and Vulnerability Analysis on web and other applications, network infrastructure and operating system infrastructures.
• Briefs executive summary and findings to stakeholders to include Sr. Leadership
• Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
• Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
• Helps customer perform analysis and mitigation of security vulnerabilities.
• Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
• Provide support to incident response teams through capability enhancement and reporting.

Mentor Jr and Mid staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.Preferred but not absolutely required:

• OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications
• CISSP
• Certified Ethical Hacker

The Bureau of Near Eastern Affairs’ Assistance Coordination Office (NEA/AC) oversees more than $200 million in foreign assistance funding throughout the Middle East. NEA/AC manages a range of programs, including the Middle East Partnership Initiative (MEPI), Syria, Near East Regional Democracy, Iraq, and the Trans-Saharan Counterterrorism Program (TSCTP).
In support of NEA/AC programming, Pillar Systems holds a three-year contract to provide evaluation services support by conducting a range of evaluations to determine the effectiveness of NEA/AC programs, systems, and funded grants implemented by local partners. Pillar Systems has completed evaluations of MEPI’s exchanges programming, the Near East Regional Democracy’s use of mobile communications technology, MEPI’s democracy and governance portfolio, and is currently implementing an evaluation of Syria Civil Society programming. This is in addition to providing a team of both on-site and off-site M&E experts to provide routine evaluation assistance.

Duties include assisting with reporting and data analysis efforts, providing management and support of NEA/AC’s online Performance Reporting System (ACPRS), as well as conducting up to 5 annual independent evaluations and 3 internal reviews (as needed) of current foreign assistance programming. The M&E Specialist will also provide additional analytical products on best practices, known methodologies, and current data and methodological trends on development and countries in the region.

• At least 3 years’ experience in the monitoring and evaluation of United States Government (USG)
• funded programs in the international development arena, particularly of grant funded projects
• Masters degree in sociology, social sciences, etc.
• Demonstrated knowledge of current social science, evaluation and analytical tools and methods required
• Strong analytical skills, organizational skills, detail orientation, and timeliness of performance
• Demonstrated excellence in written and verbal communication, and interpersonal skills
• Proficient in Excel and working with pivot tables
• Proficient in translating data into compelling visualizations
• Understanding of data quality standards and methodologies
• Familiarity with social media metrics and dashboards
• Experience working on projects in the Middle East and North Africa
• Active Secret Security Clearance