View all jobs
Junior Penetration Tester
Quantico, VA · Information TechnologyMarine Corps Web Risk Assessment Cell (MCWRAC) Support (MCB Quantico, Virginia)
S2Technologies is sourcing for Cybersecurity professionals to provide Marine Corps Web Risk Assessment Cell (MCWRAC) Support with strong operational background in Information Assurance and Computer Network Defense (CND).
The position requires skilled system security engineers, to continuously monitor and assess Marine Corps websites for information and trends of data that could be used to breach security or pose a threat to operations and personnel by conducting ongoing security and threat assessments of web sites, applications and portals for inappropriate information and security configuration implementation. In addition, team members shall evaluate web site content to ensure compliance with policies, procedures and best practices. Results of an assessment shall be delivered in a formal report for AO review and acceptance.
Web Risk Assessments
Desired Experience
Required Certifications for DOD IAM II (One of the following)
REQUIRED:
Minimum of DOD 8570 IAM Level II or IAT Level II Certification
Must have a Top Secret clearance.
S2Technologies is sourcing for Cybersecurity professionals to provide Marine Corps Web Risk Assessment Cell (MCWRAC) Support with strong operational background in Information Assurance and Computer Network Defense (CND).
The position requires skilled system security engineers, to continuously monitor and assess Marine Corps websites for information and trends of data that could be used to breach security or pose a threat to operations and personnel by conducting ongoing security and threat assessments of web sites, applications and portals for inappropriate information and security configuration implementation. In addition, team members shall evaluate web site content to ensure compliance with policies, procedures and best practices. Results of an assessment shall be delivered in a formal report for AO review and acceptance.
Web Risk Assessments
- Provide the capability to conduct Wireless, Windows, Unix, Linux, Database, Application, infrastructure security assessments in accordance with the DISA STIGs, and DoD and Marine Corps guidance, analyze results and document mitigation recommendations
- Provide the capability to locate and assess ICS/SCADA systems on the MCEN analyze results and document mitigation recommendations
- Provide capability to conduct remote assessments to provide pre-inspection reports to the Inspector General Marine Corps Staff in relation to Functional Area Checklist Cybersecurity Management (5239)
- Provide the capability to conduct automated source code review for systems and application on MCEN analyze results and document mitigation recommendations
- Provide the capability to conduct application and web application penetration testing analyze
- Provide the capability to harvest meta data about Marine Corps on MCEN and public internet, review known exploit posting sites (e.g., PasteBin) and report Marine Corps exploits, analyze results and document mitigation recommendations
- Provide the capability to test Public Key Infrastructure (PKI) implementation on the MCEN, ensure that systems take correct certificates, checking the Certificate Revocation List (CRL), analyze results and document mitigation recommendations
Desired Experience
- Knowledge of scripting languages (JAVA script HTML etc.)
- Knowledge of technology deployed on MCEN.
- Experience using and analyzing results of the following security, system auditing and hacking tools:
- ACAS
- Burp Suite
- Kali Linux suite
- OWASP
- CEH
- CCIE
- Windows certification
- GIAC
- OSCP
- SSLP
- eWPT
Required Certifications for DOD IAM II (One of the following)
- CAP
- GSLC
- CISM
- CASP CE
- CISSP (or Associate)
REQUIRED:
Minimum of DOD 8570 IAM Level II or IAT Level II Certification
Must have a Top Secret clearance.