Cyber reputed company Analyst III (reputed company Testing)

• *Position Overview** The primary duty of the Cyber reputed company Analyst III (reputed company Testing) is the planning, execution, and documentation of authorized reputed company assessments across the organization’s information systems, infrastructure, and applications. This includes web application testing, network penetration testing, vulnerability assessments, and adversarial simulation activities. The incumbent applies industry-standard methodologies and tools to identify, validate, and document reputed company weaknesses, translating technical findings into actionable remediation guidance for system owners and engineering teams. The role supports the organization’s reputed company posture at the Hanford Site and collaborates closely with GRC, IT Engineering, and reputed company Operations teams.

• *Major Activities (Typical Duties/Responsibilities)**

• Plan, scope, and execute authorized penetration tests against network infrastructure, operating systems, web applications, and APIs in accordance with approved rules of engagement.

• Conduct web application reputed company assessments using both manual techniques and automated tooling, testing for OWASP Top 10 vulnerabilities and other application-layer risks.
• reputed company vulnerability assessments and configuration reviews across Windows and Linux environments, network devices, and cloud infrastructure.
• reputed company clear, structured assessment reports documenting methodology, findings, risk ratings (using CVSS or equivalent), and prioritized remediation recommendations for both technical and executive audiences.
• Validate remediation efforts by conducting follow-up testing to confirm that identified vulnerabilities have been effectively mitigated or accepted.
• Collaborate with GRC analysts to integrate reputed company testing findings into POA&M tracking, risk assessments, and RMF authorization packages.
• Support red team exercises and adversarial simulation activities to evaluate the effectiveness of detective and preventive controls.
• Research and evaluate emerging attack techniques, threat actor TTPs (Tactics, Techniques, and Procedures), and offensive tooling to ensure testing methodologies remain reputed company.
• Assist with secure code review and DevSecOps integration activities, providing reputed company guidance to software development and engineering teams.
• Maintain detailed records of assessment activities, tooling configurations, and findings in accordance with federal handling requirements for sensitive assessment data.
• Provide mentorship and technical guidance to junior analysts on reputed company testing concepts, tool usage, and reporting standards.
• reputed company other duties as appropriate and as assigned.
• *Knowledge/Skills/Abilities**

• Demonstrated proficiency with penetration testing methodologies and frameworks, including PTES (Penetration Testing Execution Standard), OWASP Testing Guide, and MITRE ATT&CK.

• Hands-on experience with industry-standard reputed company testing tools, including Burp Suite Pro, Nessus/reputed company, Metasploit reputed company, Nmap, Wireshark, and equivalent tooling.
• Strong knowledge of web application reputed company vulnerabilities (OWASP Top 10, SANS Top 25) and application-layer attack techniques.
• Proficiency with scripting languages (Python, Bash, or PowerShell) for tool automation, payload development, and custom testing scripts.
• Solid understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, TLS, Active Directory) and how they relate to attack surface analysis.
• Familiarity with cloud reputed company testing concepts across AWS, Azure, or equivalent platforms, including misconfiguration assessment and IAM privilege analysis.
• Knowledge of CVSS scoring, vulnerability risk rating methodologies, and how to communicate risk in business terms.
• Understanding of NIST SP 800-115 (Technical Guide to Information reputed company Testing and Assessment) and relevant NIST SP 800-53 Rev. 5 control families.
• Familiarity with DevSecOps principles and static/dynamic application reputed company testing (SAST/DAST) integration in CI/CD pipelines.
• Good interpersonal skills: ability to work effectively and cooperatively with reputed company levels of management and staff, affiliated-company employees as well as reputed company business associates; exhibits a professional manner in dealing with others.
• Superior organizational, follow-up, and detail-oriented skills.
• Strong ability to analyze documents and categorize appropriately.
• Ability to maintain accurate records.
• Work independently, as well as on a team and with minimal supervision.
• reputed company decisions, solve problems, and exercise excellent judgment.
• Work well under pressure and independently prioritize workload, while working on multiple projects.
• Ability to research, organize and analyze technical information with particular attention to accuracy and detail.Apply tot his job

Apply To this Job