Cyber Operator

BigBear.ai is seeking a Cyber Operator in the Washington DC Metro Area.  The candidate will support technical assessments of IT systems, including web applications, web and application servers, access control and databases. This is an ideal opportunity to be part of one of the fastest growing AI/ML companies in the industry. At BigBear.ai, we're in this business together. We own it, we make it thrive, and we enjoy the challenges of our work. We know that our employees play the largest role in our continual success. That is why we foster an environment of growth and development, with an emphasis on opportunity, recognition, and work-life balance. We give the same high level of commitment to our employees that we give to our clients. If BigBear.ai sounds like the place where you want to be, we'd enjoy speaking with you.

• Conduct automated testing of web applications and APIs for susceptibility to SQL injections, command injections, Cross-Site Scripting, and Cross-Site Request Forgery vulnerabilities using commercial and open source tools, such as OWASP ZAP, Burp, HCL AppScan
• Conduct automated vulnerability scanning against supporting infrastructure components using commercial and open source scanning tools such as nitko, nessus, nmap, and metasploit
• Conduct automated credentialed vulnerability scanning against databases
• Conduct manual testing of infrastructure and web applications to identify, test and validate security vulnerabilities
• Conduct code review and analysis to assess the security posture using static code analysis tools Fortify, CheckMarx, and Coverity
• Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews
• Conduct reviews of system configurations for identification of security weaknesses or misconfiguration
• Assess compliance posture against regulatory requirements such as NIST SP 800-53
• Analyze security findings, including risk analysis and root cause analysis
• Produce Security Test Report to document security testing, validated vulnerabilities, and recommended mitigation/remediation CoAs for Program Management Offices

• Clearance: Must possess and maintain a secret clearance
• Bachelor's degree in computer science, IT, or a related field
• Must have a current IAT Level 2 certification, (CompTIA Security ; SSCP (Systems Security Certified Practitioner) 
• Must have at least two Penetration Tester certifications GPEN, GWAT, GCIH, CEH, GPYC, LPT, or CPT required
• 3-5 years of penetration testing and vulnerability analysis, mitigations and remediations
• 5 years experience with software development, design, configuration and testing of IT applications
• Experience with Risk Management Framework (RMF) and NIST 800-53

• Understanding of software development frameworks - Java and .NET

BigBear.ai delivers AI-powered analytics and cyber engineering solutions to support mission-critical operations and decision-making in complex, real-world environments. BigBear.ai’s customers, which include the US Intelligence Community, Department of Defense, the US Federal Government, as well as customers in manufacturing, healthcare, commercial space, and other sectors, rely on BigBear.ai’s solutions to see and shape their world through reliable, predictive insights and goal-oriented advice. Headquartered in Columbia, Maryland, BigBear.ai is a global, public company traded on the NYSE under the symbol BBAI. For more information, please visit: http://bigbear.ai/ and follow BigBear.ai on Twitter: @BigBearai.

Salary : $0