Telesis Corporation is sourcing for Cybersecurity professionals to provide Marine Corps Web Risk Assessment Cell (MCWRAC) Support with strong operational background in Information Assurance and Computer Network Defense (CND).
The position requires skilled system security engineers, to assess USMC websites for information and vulnerabilities that could be used to breach security or to pose a threat to operations or creates opportunities for hackers to exfiltrate data. Additionally, the MCWRAC engineer is responsible for evaluating web site/application content to ensure compliance with policies, procedures and best practices. Results of an assessment shall be delivered in a formal report for AO review and acceptance. Lastly, the MCWRAC supports the USMC White Team efforts to perform compliance and readiness inspections through the use of checklists and evaluation of policy and procedures.
Web Risk Assessments
- Provide the capability to conduct web application penetration testing/scanning using approved tools, analyze results.
- Provide mitigation strategies and other recommendations based on the results of penetration testing and scans.
- Provide a report that contains executive-level and finite details as directed based on the audience.
White Team Evaluation
- Provide the capability to conduct security assessments for web servers, web applications, operating systems, databases, or infrastructure equipment in accordance with DISA STIG checklists, DOD guidance, and USMC regulations and analyze results.
- Provide recommendations and reports based on results of security assessments.
- Provide the capability to conduct source code review for web applications using approved tools and analyze the results.
- Provide recommendations and reports based on the results of source code review.
- 3 years conducting DoD network assessments
- 5 years of experience conducting code reviews
- 5 years of experience conducting penetration testing
- Written/Oral ability.
- Knowledge of scripting languages (PowerShell, Python, Perl, etc.)
- Knowledge of technology deployed on MCEN.
- Experience using and analyzing results of the following security, system auditing and hacking tools: ACAS, Burp Suite, Fiddler, HBSS, Client Fortify, Client Web Inspect, Kali Linux suite, LanSweeper, Web Scarab, WinPCAP
- Windows certification
Required Certification: Must meet the minimum DoD educational and certification requirements for Information Assurance Technical (IAT) II or Information Assurance Management (IAM) II of DODI 8570.01-M (One of the following)
- CASP CE
- CISSP (or Associate)
- Security + CE
Minimum of DOD 8570 IAM Level II or IAT Level II Certification
Must have at least a final Secret clearance, with a successfully adjudicated Single-Scope Background Investigation (SSBI).