Responsibilities

• Conduct manual and automated penetration tests of DoD applications.
• Conduct source code reviews for web-based systems and application on MCEN analyze results and document mitigation recommendations.
• Conduct Application and web application penetration testing, analyze results and document mitigation recommendations.
• Harvest, review, and report metadata about Marine Corps on MCEN and public internet on known exploit posting sites and report Marine Corps exploits.
• Assist in the development of Standard Operating Procedure and testing methodology for USMC across on premise and cloud operations.
• Assist in the development and delivery of Assessment Methodology training to Marine Corps operational staff and personnel.

Requirements

• Required Security Clearance: Active Secret 
• Bachelor’s Degree in Computer Science or IT related field or at least five years of experience performing various assessments (penetration testing of systems and networks within a DOD Network Environment of enclave).
• At least five years of experience developing specialized applications for the assessment and security testing of web applications.
• Knowledge of DOD security controls to include DISA Secure Technical Implementation Guidelines (STIG) and the DOD IA Certification and Accreditation Process and Risk Management Framework (RMF).
• Familiarity with the MITRE (Adversarial Tactics Techniques and Common Knowledge (ATT&CK) framework and Open Web Application Security Project (OWASP) for understanding, describing vulnerabilities and attack scenarios.
• Understanding of functionality and capabilities of computer network defense technologies, to include: Router ACLs, Firewalls, IDS/IPS, Anti-virus, Web Content filtering, host detection systems, SIEM, ports and protocols, enCase, GREM.
• Information Assurance Technical (IAT) Level II certification and the ability to obtain a DoD 8570 CSSP Auditor certification.