"Job#: 2036451 Job Description: Position Overview: We are seeking a passionate and experienced Attack Surface Management (ASM) Cybersecurity Analyst to join our organization. This is a technical, hands-on role that requires the ability to assess attack surface exposure across the company network and systems. This position is responsible for conducting proactive attack surface assessment and advising the implementation of security technologies and controls to improve defensive posture.The ideal candidate will have a strong background in cyber security and security operations, with an understanding of OWASP common vulnerabilities and testing methodologies. Qualifications: Bachelor's degree in computer science, technology, engineering or security-related fieldor equivalent experienceMinimum 5 years IT security experienceBroad knowledge of core information security principles (e.g. access control, least privilege, data integrity) and security capabilitiesThorough understanding of network design principles (including topology, protocols, network components, and principles) and virtualized infrastructuresPractical experience with Splunk, ArcSight or comparable Security Information and Event Management (SIEM) Demonstrated experience in security operations, including SOC and security monitoring, incident response, host/network forensics, penetration testing, cyber threat intelligence, malware analysis, or security consultingDemonstrated ability to work outside of the standard enterprise tools and alerts to identify adversarial behavior Thorough understanding of TCP/IP network stack, network technologies, network traffic analysis and protocolsFamiliarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, Path Traversal Attacks, Remote Execution Flaws, and Authentication FlawsUnderstanding of common web application frameworks and web-based APIsBasic understanding of regular expression and common scripting languages (PERL, Python, Powershell, Bash)Familiar with threat intelligence lifecycle and adversary TTPS, including Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APT, or Insider Threat is idealUnderstanding of OWASP common vulnerabilities and testing methodologiesUnderstanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)Experience drafting Security Analyst processes and procedures for security operationsAbility to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitmentsSolid verbal and written communication skills requiredJob Responsibilities: Support and advise development of program objectives, priorities, and strategyConduct attack surface assessments and analysis of exposed vulnerabilities Perform verification/validation testing for vulnerabilities in external-facing web sites, web applications, and services; demonstrate exploitation steps and verify remediation/fixesPerform data collection in support of ASMIdentify vulnerabilities, communicate risk, and verify root causeDevelop custom tools and small utilitiesGenerate comprehensive reports, including detailed findings, exploitation procedures, and mitigation techniquesMaintain knowledge of the current security threat landscape by monitoring related internet postings, intelligence reports and other sector specific sources as necessaryGenerate reports detailing assessment findings, attack paths, exploitation procedures, and recommended mitigation techniquesJob Requirements: Must be willing and able to obtain and maintain US government security clearanceRequired to submit to a thorough background examinationStrong technical consulting experience: ability to understand business requirements and present appropriate solutionsAbility to work independently or within a teamDemonstrated critical, independent thinking; demons rated ability to conceive and present creative solutionsOne or more relevant industry certifications (GSEC, CISSP, Security +, SSCP)Occasional travel to local and regional locations in pursuit of the job duties and requirementsEEO EmployerApex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [emailprotected] or 844-463-6178. Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.VEVRAA Federal ContractorWe request Priority Protected Veteran and Disabled Referrals for all of our locations within the state.We are an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. The EEO is the Law poster is available here.PDN-9c8c2636-aea7-4736-8027-448d3890d989"