Cask is a leading Management Consulting firm specializing in delivering business and technical expertise to clients across commercial and government markets. Join the many happy employees at Cask! We have been named a top 5 firm to work for by Consulting Magazine for 5 of the past 6 years.
Cask is seeking a Web Assessment Analyst to support the Marine Corps. The applicant will be responsible for monitoring and assessing Marine Corps websites and applications for vulnerabilities that could be used to breach security and to safeguard the network from attack. The analyst will harvest metadata about the Marine Corps from MCEN and public internet sources, conduct a review and analysis of the collected data, and document the findings and recommendations for mitigating vulnerabilities and managing risks.
Responsibilities
- Conduct manual and automated penetration tests of DoD applications.
- Conduct source code reviews for web-based systems and applications on MCEN, analyze results, and document mitigation recommendations.
- Conduct application and web application penetration testing, analyze results, and document mitigation recommendations.
- Harvest, review, and report metadata about the Marine Corps on MCEN and the public internet and on known exploit posting sites, and report Marine Corps exploits.
- Assist in the development of Standard Operating Procedure and testing methodology for USMC across on-premises and cloud operations.
- Assist in the development and delivery of Assessment Methodology training to Marine Corps operational staff and personnel.
Requirements
- Required Security Clearance: Active Secret
- Bachelor’s Degree in Computer Science or IT-related field or at least five years of experience performing various assessments (penetration testing of systems and networks within a DOD Network Environment of enclave).
- At least five years of experience developing specialized applications for the assessment and security testing of web applications.
- Knowledge of DOD security controls to include DISA Secure Technical Implementation Guidelines (STIG) and the DOD IA Certification and Accreditation Process and Risk Management Framework (RMF).
- Familiarity with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework and the Open Web Application Security Project (OWASP) for understanding and describing vulnerabilities and attack scenarios.
- Understanding of the functionality and capabilities of computer network defense technologies, to include: router ACLs, firewalls, IDS/IPS, anti-virus, web content filtering, host detection systems, SIEM, ports and protocols, EnCase, GREM.
- Information Assurance Technical (IAT) Level II certification and the ability to obtain a DoD 8570 CSSP Auditor certification.
Cask is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or status as a qualified individual with a disability.
EEO/Employer/Vet/Disabled