Overview: Come Join Our Team
Fast-paced, dynamic, and rewarding environment supporting regional defense efforts. This project delivers defensive cyberspace operations (DCO) support to Cyber Security Service Provider Division (CSSP-D), US Army Regional Cyber Center-Korea. The CSSP-D environment includes any hardware, software, application, tool, system, or network used by the Government, whether developed, leased, or commercially purchased. Our operations are based on-site at Camp Humphreys, South Korea. Employees are authorized to receive a Living Quarters Allowance, a Cost-of-Living Allowance, and relocation expenses. Additionally, our employees are eligible for reimbursement for school-aged children to attend either Department of Defense Education Activity schools (space available) or local school of choice.

The Defense Assessment Analyst, under limited supervision, will plan, coordinate, integrate, synchronize, direct, and conduct Cyber Defense Operations to detect, deter, disrupt, and deny adversary activities in order to protect and defend the Do D Information Network – Army (Do DIN-A). You will contribute to the development of policies, processes, and architectures to enhance execution of cyberspace operations in support of full spectrum missions. You will direct and oversee the execution of Computer Defense Assistance Program (CDAP) missions, to include Persistent Presence, Penetration Testing, Network Damage Assessments, Network Assistance Visits, and Cyber Security Service Provider (CSSP) assessments of subscriber networks. You will participate in the Risk Management Framework (RMF) accreditation process. You will contribute to re-accreditation efforts for classified and unclassified Army networks in Korea. You will provide technical evaluations and solutions to ensure supported systems are Information Assurance (IA) compliant. Assess risks to information systems and networks from attack or intrusion.
Responsibilities:

• Participate in the execution of required and requested Computer Defense Assistance Program missions in support of Cyber Security Service Provider (CSSP) requirements.
• Plan, assess, test, analyze, and report information on security vulnerabilities and possible exploitations present in a variety of complex and secure computer systems.
• Prepare, participate in and/or present briefings to senior management officials in conferences and workshops where security related issues are discussed.
• Review design documentation, vendor self-assessments, network protocols, and software code for system vulnerabilities.
• Review new policies and initiatives by local authorities, Department of Defense (Do D), US Cyber Command, Department of the Army (DA), Army Cyber Command (ARCYBER), NETCOM, and various agencies.
• Ensure timely delivery and accuracy of AR 380-53 related products.
• Review design documentation, vendor self-assessments, network protocols, and software code for system vulnerabilities.
• Provide technical information system security testing in support of the appropriate security risk management processes using security assessment and technical testing efforts, including in-depth network and application vulnerability testing for automated and manual testing and demonstrable false positive validation.
• Develop documentation in support of testing efforts, including test plans, preliminary findings reports, security assessment reports, and other test artifacts, as required by the customer.
• Work with commercial, and government open-source vulnerability assessment tools and techniques used for evaluating operating systems, databases, and Web applications.
• Be required to successfully complete the Army Penetration Testing Course (APTC), location and dates to be determined, once obtaining this position.

Qualifications:

• Active Do D TS/SCI clearance
• Bachelor’s degree or higher from an accredited college or university in one of the following fields: Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering, Mathematics or Engineering
• Any of the following certifications can be substituted for a Bachelor’s degree: CCSP or CEH or CFR or Cloud+ or Cy SA+ or GCED or GICSP or Pen Test+
• If substituting certification for a Bachelor’s degree, a HS diploma or GED is required in addition to the certification

• 3 or more years of experience in an equivalent position
• Experience with analyzing and executing test plans and procedures
• Experience with programming in C, C++, C#, Java, ASM, PHP, Perl, Microsoft .NET, Python, or Ruby and Linux or UNIX shell scripting
• Experience with problem solving using out-of-the-box approaches
• Knowledge of penetration attack strategies on Army Enterprise classified and unclassified networks for Web services, databases, and e-mail, forensics tools, and cryptography principles
• Knowledge of security frameworks, including ISO 27001 and 27002, NIST, HIPPA, or SOX
• Knowledge of enterprise-level solution storage and databases, including relational databases, database management systems, enterprise storage systems, or security concerns for these systems
• 3+ years of experience with security, including penetration testing and vulnerability assessments
• Experience with vulnerability analysis or reverse engineering
• Knowledge of UNIX or Linux operating systems, TCP/IP protocol stack, and networking tools
• Knowledge of software development in C++ or Java

About i3:

• We were founded in 2007 with the intent to do business differently.
• Our focus is to leave our team members and customers better than we found them.
• Our ultimate goal is to strengthen our Nation and our warfighter.

• 100% team member owned
• Outstanding insurance coverage
• 401(k) match
• Health and wellness incentives
• Tuition and certification reimbursement
• Generous PTO
• Fun culture with company activities
• Countless opportunities to give back to the community through our charitable organization, i3 Cares