  • SBA 8(a)
  • ISO 9001:2015
  • ISO/IEC 27001:2013
  • ISO/IEC 20000-1:2018
  • CMMI-SVC ML3 v2.0
  • CAGE 6VE87
  • UEI DL3JL6J1XG98

Assurit

Assurit is currently seeking an experienced Cyber Vulnerability Analyst to support one of our contracts!

Role Description:

The Cyber Vulnerability Analyst (CVA) is responsible for the delivery of continuous cyber assessments, solving complex technology problems, building tools, and identifying and influencing response to and mitigation of threats. The analyst performs system architecture analysis to enumerate likely attack vectors and conducts static and dynamic analysis to identify vulnerabilities. Once a vulnerability has been identified by the CVA or the penetration team, a proof-of-concept exploit shall be developed from the finding to prove risk to the system. Focus will be placed on developing previously unknown or unidentified vulnerabilities in target systems. Further analysis will be required to characterize the impact of confirmed vulnerabilities on the system architecture and its environment, as well as to provide recommended mitigations. These analysts will ensure services, applications, and websites are designed and implemented to the highest security standards. They are responsible for application and hardware penetration testing, automating repetitive tasks using various scripting languages, and mentoring and leading other engineers to deliver complex penetration tests and vulnerability assessments. The analysts will be expected to drive automation, tooling, and efficiency, and to advance the team's penetration testing capabilities. They are also responsible for creating threat mitigation plans.

Will Be Required To:

  • Conduct system architecture analysis to develop a detailed understanding of the target system from an adversarial perspective. Identify the system’s security boundary by enumerating external interfaces to include, but not limited to: tactical data inputs, application programming interfaces, and network sockets.
  • Develop an attack matrix that includes the attack surface identified above and potential attack vectors that an adversary may try to exploit.
  • Using the attack matrix, prioritize potential attack vectors and conduct static and dynamic analysis on associated system components to discover novel vulnerabilities.
  • Perform vulnerability research and create scripted proof-of-concept exploits to apply exploits to multiple target systems.
  • Recommend mitigation strategies for all discovered vulnerabilities.
  • Summarize the results in system-specific reports that include the attack matrix, testing procedures performed, analysis of identified vulnerabilities, system environment and architecture impact, proof-of-concept code, and recommended mitigations.

Required Qualifications:

  • At least three (3) years of recent experience with vulnerability research, exploit development, and/or software-related bug bounties.
  • Knowledge of the functionality and capabilities of computer network defense technologies, including router Access Control Lists (ACLs), firewalls, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), antivirus/Endpoint Detection and Response (EDR), and web content filtering.
  • Strong written and verbal communication skills, including the ability to explain complex technical topics to non-technical audiences.
  • Demonstrable experience in bug bounty programs with a proven record of discovering zero-day vulnerabilities and developing proof-of-concept exploits.
  • Proficiency in scripting languages (Python) with a strong emphasis on automating tasks and developing tools to support vulnerability research efforts.
  • Foundational programming knowledge with C/C++ (ability to read and understand code).
  • Experience with disassembling software binaries and executables with IDA Pro/Ghidra.
  • Experience with leveraging debuggers for fuzzing and validating software-related vulnerabilities or created proof-of-concept exploits.
  • Knowledge of software-related protection mechanisms such as DEP, ASLR, WDEG, etc.
  • B.S. in Computer Science is optional but preferred.

Possess One Of The Following Certifications:

  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploit Developer (OSED)
  • Offensive Security Experienced Pentester (OSEP)
  • Offensive Security Exploitation Expert (OSEE)
  • Offensive Security Web Expert (OSWE)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Wireless Professional (OSWP)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • GIAC Reverse Engineering Malware Certification (GREM)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Clearance:

  • Secret


Working at Assurit

Assurit is an award-winning, certified small business headquartered in Fairfax, VA. We offer a highly competitive compensation and benefits package inclusive of medical and dental coverage, as well as paid time off.

Founded in 2013, Assurit has become a trusted provider of cybersecurity expertise to customers across federal, state and local governments, as well as the commercial sector. We are an employee-centric organization that focuses on the growth and development of our greatest asset – our people. We believe that if our Team is trained and educated, we will always be able to deliver our promise of customer success. If you enjoy work environments focused on continuous learning and growth, Assurit will be a great fit for you.

Whether you saw a specific job opening of ours or are simply interested in learning more about building your career at Assurit, feel free to submit your resume. Based on your request, the appropriate individual within our organization will get back to you within 2 business days.

Assurit is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

To apply for this job email your details to denise.pho@assurit.com