Marine Corps Web Risk Assessment Cell (MCWRAC) Support (MCB Quantico, Virginia)
S2Technologies is sourcing for Cybersecurity professionals to provide Marine Corps Web Risk Assessment Cell (MCWRAC) Support with strong operational background in Information Assurance and Computer Network Defense (CND).
The position requires skilled system security engineers, to continuously monitor and assess Marine Corps websites for information and trends of data that could be used to breach security or pose a threat to operations and personnel by conducting ongoing security and threat assessments of web sites, applications and portals for inappropriate information and security configuration implementation. In addition, team members shall evaluate web site content to ensure compliance with policies, procedures and best practices. Results of an assessment shall be delivered in a formal report for AO review and acceptance.
Web Risk Assessments
Provide the capability to conduct Wireless, Windows, Unix, Linux, Database, Application, infrastructure security assessments in accordance with the DISA STIGs, and DoD and Marine Corps guidance, analyze results and document mitigation recommendations
Provide the capability to locate and assess ICS/SCADA systems on the MCEN analyze results and document mitigation recommendations
Provide capability to conduct remote assessments to provide pre-inspection reports to the Inspector General Marine Corps Staff in relation to Functional Area Checklist Cybersecurity Management (5239)
Web Risk Testing
Provide the capability to conduct automated source code review for systems and application on MCEN analyze results and document mitigation recommendations
Provide the capability to conduct application and web application penetration testing analyze
Provide the capability to harvest meta data about Marine Corps on MCEN and public internet, review known exploit posting sites (e.g., PasteBin) and report Marine Corps exploits, analyze results and document mitigation recommendations
• Provide the capability to test Public Key Infrastructure (PKI) implementation on the MCEN, ensure that systems take correct certificates, checking the Certificate Revocation List (CRL), analyze results and document mitigation recommendations
3 years conducting DoD network assessments
3 years of experience conducting code reviews
3 years of experience conducting penetration testing
Knowledge of scripting languages (JAVA script HTML etc.)
Knowledge of technology deployed on MCEN.
Experience using and analyzing results of the following security, system auditing and hacking tools:
Kali Linux suite
Required Certifications for DOD IAM II (One of the following)
CISSP (or Associate)
REQUIRED: Minimum of DOD 8570 IAM Level II or IAT Level II Certification Must have at least a final Secret clearance, with a successfully adjudicated Single-Scope Background Investigation (SSBI).