The most security-conscious organizations trust Telos Corporation to protect their vital IT assets. The reputation of our company rests on the quality of our solutions and the integrity of our people. Explore what you can bring to our solutions in the areas of cyber, cloud and enterprise security.

Be a part of the Telos culture and see what sets us apart! Telos offers an excellent compensation package with benefits that include generous paid time off, medical, dental, vision, tuition reimbursement, and 401k. Our employees enjoy more than just a great work environment!

This position will be 80% remote with 8 weeks of possible travel per year.  Must live in or within 50 miles of Huntsville Alabama

Responsibilities: 

Performing technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications) Conducting and/or supporting authorized penetration testing on enterprise network assets Making recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes) Preparing assessment reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions Maintaining deployable cyber defense assessment toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense assessment missions Formal written and verbal communication with customer leadership and technical staff regarding assessment findings and reports Virtual team communication via multiple collaboration tools with team members and leadership

Skill in:

Conducting vulnerability scans and recognizing vulnerabilities in security systems Cloud Technologies such as AWS, Microsoft Azure, etc. Conducting application vulnerability assessments The use of penetration testing tools and techniques Using network analysis tools to identify vulnerabilities Assessing compliance with standard configuration baselines (DISA STIG/SRC, CIS Benchmark) Assessing the application of cryptography Assessing the robustness of security systems and designs Mimicking threat behaviors The use of social engineering techniques Performing impact/risk assessments Identifying systemic security issues based on the analysis of vulnerability and configuration data Conducting security assessment interviews Assessing security controls against recognized compliance frameworks (e.g., NIST 800-53)

Knowledge of:

Application vulnerabilities Computer networking concepts and protocols, and network security methodologies Network traffic standards and technology (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], etc.) Penetration testing principles, tools, and techniques System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, injections, race conditions, covert channel, replay, return-oriented attacks, malicious code) Risk management processes (e.g., methods for assessing and mitigating risk) Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth) National and international laws, regulations, policies, and ethics as they relate to cybersecurity Cybersecurity principles Cyber threats and vulnerabilities Specific operational impacts of cybersecurity lapses Cryptography and cryptographic key management concepts Host/network access control mechanisms (e.g., access control list) Network access, identity, and access management (e.g., public key infrastructure [PKI]) Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services Basic system administration, network, and operating system hardening techniques General attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks) System administration concepts for Unix/Linux and/or Windows operating systems Understanding of common Risk Management Frameworks (RMF) and cybersecurity and compliance frameworks such as NIST 800-53, NIST 800-171, CMMC, GDPR, HIPAA, GDPR, etc.