logo

View all jobs

Security Analyst - Automation

Washington, DC
Title: Mid-level Automation Specialist
Location: On client site in Washington, DC
Salary: DOE
Clearance: Clearable
 
Lunarline is looking for an Automation Specialist to support a program that performs assessments on 4,000+ hosts on an annual, monthly, and ad-hoc basis.
 
Duties and Responsibilities:
  • Analyze, review, and determine areas where automation can increase productivity and effectiveness in assessment process of individual units.
  • Identify bugs and quality issues in development, service, or business processes.
  • Create custom automated tests for databases, systems, networks, applications, hardware and software.
  • Develop scripts (Python, PowerShell, etc.) for use in automating specific scanning, reporting, and data collecting tasks.
  • Develop Splunk dashboards.
  • Document test issues and work with client and team to validate/recreate.
  • Draft documentation for new scripts, tools, and dashboards.
  • Demonstrate new scripts, tools, and dashboards for team and client.
  • Maintain steady communication with leadership and client to understand project needs.
  • Coordinate with approximately 500 unique units’ IT staff to schedule and prepare for recurring vulnerability scans of servers, computer systems, and networks to discover vulnerabilities in software and applications.
  • Analyze scan results using automated and manual processes to determine scanning success.
  • Generate and provide Basic Risk Reports (BRRs) to all system owners for systems scanned.
  • Provide first line support in assisting clients in understanding scan results, and in limited cases, in helping the courts to remediate the vulnerabilities.
  • Prepare Residual Risk Reports (R3) for the customer for all systems scheduled, per the government-provided schedule using the government-provided R3 generation script.
  • Perform an out-of-cycle scan to look specifically for threats identified that may pose an unacceptable risk to the customer.
  • Perform any other task or duty as assigned or required by the client.
  • Proactively keep up with the latest technologies.
  • Report threats and risks to the customer environment.
Skills and Qualifications:
Required
  • 3+ years’ experience in any of the following: information security engineering, systems engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, or application security
  • 3+ years of experience in building test strategy and test plans to ensure processes are efficient
  • 3+ years direct experience in design, development, and implementation of quality assurance solutions
  • Proven ability to automate tests for databases, systems, networks, applications, hardware and software and deliver solutions for software processes
  • Knowledge of programming / application building / coding or other programming language(s)
  • Knowledge of vulnerability management and scanning best practices; this should include knowledge of the CVE database and the CVSS system used for scoring vulnerabilities
  • Developing ethical hacking mindset with professional experience in assessing diverse network and system architectures in a comprehensive manner
  • Ability to communicate with and distill information from technical resources during formal and informal meetings
  • Must be able to work both independently and as a part of team testing efforts
  • Strong communication skills (verbal and written)
  • Excellent organizational skills
  • Excellent time management skills
Desired
  • Experience with creating custom PowerShell scripts
  • Experience with database creation, maintenance, data loading, etc.
  • Some experience performing hands-on penetration testing, security test planning, and vulnerability analysis, focusing on automated and manual exploitation of applications, networks, and system level designs and implementations
  • Knowledge of software exploitation (web, client-server, mobile, and wireless) on modern operating systems
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
  • Knowledge of Splunk, SQL, DB Protect, or other data platforms
  • Experience using Tenable Security Center Continuous View (Nessus) or other scanning tools
  • Experience using pen testing tools and techniques
 Education:
  • Bachelor's Degree Preferred
Certifications:
  • The following certifications (one or more is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications, OSCP, CISSP, CISM, CEH, or equivalent.
Lunarline operates the award-winning School of Cybersecurity and the Cyber Certified Experts (CCE) program. We pride ourselves that our education and certification programs are supported by full-time professionals defending organizations and systems in the field. This means that training and certification are practical and supported by real-life experience. Members of our team have the opportunity to teach courses, develop course material, as well as materials for certification programs. As a Lunarline employee, you will have the opportunity to expand your proficiency by building the proficiency of other cyber professionals. This is a key difference working as member of the Lunarline team offers our teammates.

 
Full List of Company Benefits

Disclaimer
Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
Powered by