Cyber Systems Security Assessor – Web
The candidate will be responsible for conducting vulnerability and compliance assessments on a Web-based frameworks to include, but not limited to reviewing network/system documentation to identify cybersecurity design flaws, scanning network(s) to identify live hosts and ports, protocols and services, fingerprint applications/operating systems, identify vulnerabilities, analyze results, manually verify findings to eliminate false positives or negatives, capture artifacts such as screen captures, etc., to provide evidence and artifacts for each exploitable vulnerability, etc. Candidate must also be able to adequately tell the story of how vulnerability was exploited and what the overall impact would be to particular hosts or networks.
More specifically, the candidate will:
- Analyze web application security scanner reports and validate false positives/negatives.
- Have strong UNIX/LINUX fundamentals along with familiarity of UNIX/LINUX/Windows Command Line Interface (CLI).
- Possess knowledge of common databases such as: MSSQL, Oracle, MySQL, etc.
- Expert knowledge of security risks related to web applications, web services, web browsers, databases and client/server architectures.
- Experience with application security tools like: HTTP and TCP proxies, scanners, etc.
- Demonstrate an ability to successfully execute complex tasks simultaneously. Demonstrate an ability to assess networking requirements and provide solutions.
- Demonstrate an ability to make accurate and independent decisions under pressure.
- Adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit. – Methodically analyze problems, troubleshoot servers and infrastructure equipment and identify potential solutions.
- Demonstrate understanding of common cyber threat terminology, methodologies, and possess basic understanding of cyber incident and response, and related current events.
- Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments.
- Possess excellent organizational, interpersonal, written and verbal communication skills.
- Demonstrate an ability work as a team member as well as independently.
- Travel up to 25% with trips encompassing 1-4 weeks in duration.
- Must have an active TS/SCI clearance.
- Must possess or be willing to obtain a DoD 8570 IAT Level 3 (CISSP, CASP, etc.) and a web-based certification (i.e., CIW Web Security Professional, GWAPT or similar) within 6 months.
- Must possess or being willing to obtain UNIX/Linux certification, MCP certification and a Web-based certification (i.e., GWAPT, CIW Web Security Professional) within a defined timeframe.
- Minimum Bachelor’s degree and 2 years’ experience, Associates degree with 4 years’ experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science.
- Five years System Administrator experience (UNIX/Linux) (5 years).
- Must complete customer pre-screen, skills assessment lab, pass customer training and certification program and remain mission ready qualified.
- Self-motivated with minimal supervision.
- Analytical with the ability to understand and implement customer objectives.
- Demonstrated knowledge of common databases such as MSSQL, Oracle, MySQL, etc
- Familiarity with NIST, RMF, DISA STIGs and experience in conducting DOD vulnerability and compliance assessments.