Cask is seeking a Web Assessment Analyst to support the Marine Corps. The applicant will be responsible for monitoring and assessing Marine Corps websites and applications for vulnerabilities that could be used to breach security and to safeguard the network from attack. Harvest metadata about Marine Corps from MCEN and public internet sources, conduct a review and analysis of the collected data, and document the findings and recommendations for mitigating vulnerabilities and managing risks.
Responsibilities

• Conduct manual and automated penetration tests of DoD applications.
• Conduct source code reviews for web-based systems and application on MCEN analyze results and document mitigation recommendations
• Conduct Application and web application penetration testing, analyze results and document mitigation recommendations
• Harvest, review, and report metadata about Marine Corps on MCEN and public internet on known exploit posting sites and report Marine Corps exploits
• Assist in the development of Standard Operating Procedure and testing methodology for USMC across on premise and cloud operations
• Assist in the development and delivery of Assessment Methodology training to Marine Corps operational staff and personnel

Requirements

• Required Security Clearance: Active Secret
• Bachelor’s Degree in Computer Science or IT related field or at least five years of experience performing various assessments (penetration testing of systems and networks within a DOD Network Environment of enclave).
• At least five years of experience developing specialized applications for the assessment and security testing of web applications.
• Knowledge of DOD security controls to include DISA Secure Technical Implementation Guidelines (STIG) and the DOD IA Certification and Accreditation Process and Risk Management Framework (RMF).
• Familiarity with the MITRE (Adversarial Tactics Techniques and Common Knowledge (ATT&CK) framework and Open Web Application Security Project (OWASP) for understanding, describing vulnerabilities and attack scenarios.
• Understanding of functionality and capabilities of computer network defense technologies, to include: Router ACLs, Firewalls, IDS/IPS, Anti-virus, Web Content filtering, host detection systems, SIEM, ports and protocols, enCase, GREM.
• Information Assurance Technical (IAT) Level II certification and the ability to obtain a DoD 8570 CSSP Auditor certification