Information Assurance – Cybersecurity

Responsibilities

Noblis is seeking an experienced cybersecurity professional to work in a dynamic mission-oriented environment within Bethesda, Maryland. A successful candidate will be at the forefront of cutting‑edge security operations to tackle offensive and defensive cyber challenges. They’ll dive deep into vulnerability research, reverse engineering threats, and craft advanced tools and malicious payloads to stay ahead of evolving cyber risks. In this dynamic role, they’ll lead the charge in detecting and neutralizing cyberattacks, creating robust defenses, and exploring the latest trends and vulnerabilities across diverse technologies.

Additionally, they’ll safeguard development environments, perform high‑impact penetration testing, and conduct in‑depth malware research to keep systems one step ahead of potential threats.

• Develop or implement a variety of software and hardware solutions in support of work in areas of offensive and defensive security.
• Apply a coding foundation in various languages to create tools and techniques, perform code analysis, conduct code manipulation and develop any solution tailored to the area of need.
• Conduct vulnerability research and analysis of identified platforms, reversing engineering threats to determine methods of exploitation.
• Conduct malware research and research on innovating offensive tools and techniques, developing malicious payloads, and manipulating code execution.
• Accomplish actions to protect data, networks, net‑centric capabilities, and other systems by detecting, identifying, and responding to attacks, or by creating defensive toolsets to identify, monitor, and halt an attack.
• Deliver tailored research of various domains of cyber to include various trends, vulnerabilities, or current flaws in software, hardware, IOT, or other technology related areas.
• Secure development environments and software to enable architecting application security.
• Conduct software evaluations for known risks and/or static and dynamic code analysis, assess web application vulnerabilities, track code releases, accomplish automated penetration testing and fuzzing, malware research and reverse engineering, and deliver recommended mitigations for or patching of known vulnerabilities.

• U.S. citizen and have an active Top Secret Clearance with SCI and CI Polygraph.
• Bachelors of Science and 8+ years of prior relevant experience OR Masters with 6+ years of prior relevant experience.
• Knowledge of offensive and defensive security tactics in various environments (e.g., cloud, IoT, mobile).
• Experience with penetration testing automation and continuous security monitoring.
• Familiarity with network traffic analysis.
• Ability to perform red teaming exercises to simulate real‑world adversarial tactics and techniques.
• Ability to write detailed technical reports and deliver findings to both technical and non‑technical stakeholders.
• Knowledge / use of malware analysis and reverse engineering techniques.
• Knowledge / use of vulnerability research and fuzzing tools for testing code and discovering security flaws.

• Experience with Cloud Security (e.g., AWS, Azure, Google Cloud) and securing cloud‑based applications and infrastructure.
• Knowledge of cryptography and its application in securing communications and data storage (e.g., AES, RSA, hashing algorithms).
• Familiarity with Zero Trust architecture and identity and access management (IAM) principles.
• Foundation in programming languages such as Python, C/C++, Java, or Assembly for vulnerability research, code analysis, and tool development.
• Experience with offensive security tools like Metasploit, Burp Suite, or Kali Linux for penetration testing and exploit development.
• Understanding of network security protocols, web application security, and techniques like SQL injection, Cross‑Site Scripting (XSS), and Buffer Overflow.
• Proficiency in static and dynamic code analysis to identify vulnerabilities and exploit methods.
• Experience with incident response and the ability to quickly identify, analyze, and mitigate security breaches.
• Knowledge of security frameworks and standards such as NIST, OWASP,…