Cyber Security Application Security Analyst

Exeter is seeking a Senior Cybersecurity Application Security Analyst/IT Systems Solution Architect to support the U.S. Army at Fort Knox, Kentucky. Paid relocation to Fort Knox is not available; candidates must be local or willing to relocate at their own expense.  

 Key duties of the positions include:  

• Support the Cybersecurity Division (CSD) Cyber Weapons and Interdiction (CWIB) branch. 

• Perform web application scanning & application security assessments. 

• Perform manual application testing to identify vulnerabilities or deviations from software standards. 

• Provide timely and detailed reports, with proofs of findings and analysis of risk. 

• Assist with integration of static & dynamic web application assessments into secure SLDC lifecycles 

• Use SharePoint and other collaboration tools to collect, monitor, and manipulate C&A documentation through the collection, review, approval, and final distribution processes. 

• Support Cybersecurity IT internal and external inspection teams.  

• Supports the Cybersecurity Division (CSD), staff, and senior management in areas of Risk Management Framework (RMF) for DoD IT, DoD/Army Regulations, Incident Response, Software Assurance, and related Cyber disciplines. 

• Work closely with representatives from other divisions and branches (IT, Networking, etc.) to request information, provide clarification, and validate findings, evidence, and POA&M statements. 

• Maintain and meet deliverable schedules.  Must be proactive in obtaining information from multiple internal and external teams to complete requirements on schedule. 

 Additional details of positions will be provided to qualified applicants. 

Required Qualifications: 

• Bachelor’s degree in Information Technology, Computer Science, or related field. Substantial experience in lieu of degree may be considered. 

• Current DoD 8570.01-M Information Assurance Technical IAT Level II (IAT II) baseline certification, such as Security CE.  Uncertified candidates cannot be considered. 

• US Citizen with active DoD Secret Clearance.

• Minimum 5 years IT experience. 

  Development background is required. 
  Microsoft .NET or Java development experience required.  
  Knowledge of SDLC methodologies. 
  Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues. 

• Web services development and design with integrated security engineering experience. 

• Requires excellent English verbal and writing skills including report generation, presentations, and technical writing. 

• Highly organized with the ability to independently maintain schedules and meet deadlines. 

Desired Qualifications: 

• Certified Application Security Engineer (CASE), Certified Secure Software Lifecycle Professional (CSSLP), or similar certification. 

  Higher level DoD 8570 IAT-III/IAM certifications (i.e. CISSP, CASP, etc.) 

• Experience with supporting assessment of IT systems compliance with Federal IT Security standards. (NIST 800-53, FISMA, etc.) 

• 5-10 years of web application development related work experience. 

• Experience performing manual and automated code review and penetration tests for complex applications. 

• Experience with static code scanning tools (Fortify, AppScan, etc.) 

• Experience with dynamic analysis tools (Burp, Zaprozy, SQLMap, BeEF, DAVtest, dirb, fierce, curl, hping, etc.) 

• Technical understanding of database, web server, and operating system security. 

• Knowledge of security systems and controls, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. 

• Understanding of data handling privacy standards to include PII and PHI. 

• Familiarity with DISA application security related Security Technical Implementation Guides (STIGs). 

• Veterans with prior Army/DoD Cybersecurity experience highly desired.