NASA IV&V Cyber Defense Analyst
Job Type Full-time
Job Status Sourcing
Date Posted Thursday, 15 March 2018
Location Fairmont, WV
Job Description

NASA IV&V Cyber Defense Analyst

Job Location: WV - Fairmont

Requisition ID: 2018-40803

Category: Cyber Security


MPL Corporation is a provider of Independent Verification and Validation (IV&V), Safety & Mission Assurance, and Cybersecurity services to the NASA IV&V Program located in Fairmont, West Virginia. At the NASA IV&V Facility, we support NASA's IV&V Program, delivering analysis and verification & validation of safety-critical and mission-critical software and systems for a number of important NASA programs, including both human and robotic exploration as well as earth and space science collection platforms and the associated ground systems.

Roles and Responsibilities as defined:

  • Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within environments under assessment or review for the purposes of mitigating threats.

  • Gaining an understanding of NASA requirements and the application of NASA security requirements within the current cyber landscape

  • Vulnerability assessment support, including analysis of vulnerabilities from NASA, other agencies and the commercial sector

  • Coordination and managing high school interns engaged in support of SSO during the summer months

  • Other Information Assurance and SSO functions as assigned. Examples include but are not limited to:

  1. Execute and operate cybersecurity tools such as Metasploit

  2. Support the generation of vulnerability assessment reports

  3. Develop cybersecurity white papers for NASA

  4. Support Software Assurance Research Projects

Required Qualifications

  • Bachelors' degree in a directly related field and 8+ years of experience. Four (4) years of relevant experience or domain specific certifications may be substituted for each degree requirement.

  • Ability to obtain a TS/SCI clearance

  • Ability to ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level, characterize and analyze network traffic to identify anomalous activity and potential threats to network resources, reconstructing a malicious attack or activity based off network traffic, perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy, examine network topologies to understand data flows through the network, recommend computing environment vulnerability corrections.

  • Able to take ownership of tasks and problems and provides solutions and maintain excellent rapport with all internal and external customers

  • Ability to travel up to 30%

Desired Qualifications

  • Experience with modeling networks (RedSeal)

  • Active Top Secret Clearance

  • Experience with PCAP analysis tools (e.g., RSA NetWitness, Wireshark, tcpdump, Network miner)

  • Ability to assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave, assess adequate access controls based on principles of least privilege and need-to-know, monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise, assess and monitor cybersecurity related to system implementation and testing practices as well as work with stakeholders to resolve computer security incidents and vulnerability compliance,

  • Demonstrate skills developing and deploying signatures, detecting host and network based intrusions via intrusion detection technologies (e.g., Snort), determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes, evaluate the adequacy of security designs, use incident handling methodologies, collect data from a variety of cyber defense resources, recognize and categorize types of vulnerabilities and associated attacks, read and interpret signatures (e.g., snort), assess security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.), conducting and recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning), conduct trend analysis, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) and use cyber defense Service Provider reporting structure and processes within one’s own organization.

  • Ability to accurately and completely source all data used in intelligence, assessment and/or planning products, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) and apply techniques for detecting host and network-based intrusions using intrusion detection technologies.

MPL Corporation offers an excellent benefits package.  We are dedicated to providing the best possible economic and personal security for each employee.

MPL Corporation is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required.

Email resume to:

How to Apply
Email Resume To

Go back to last page