Criterion Systems

Web Application Vulnerability Assessment SME


Pay: Competitive
Location: Quantico, Virginia
Employment type: Full-Time


  • Job Description

      Req#: 2946

      Overview

      At Criterion Systems, we developed a different kind of business—a company whose real value is a reputation for excellence built upon the collective skills, talents, perspectives, and backgrounds of its people. By accepting a position with Criterion Systems, you will join a group of professionals with a collaborative mindset where we share ideas and foster professional development to accomplish our goals. In addition to our great culture, we also offer competitive compensation and benefit packages, company-sponsored team building events, and advancement opportunities. To find out more about how Criterion can help you take your career to the next level please visit our website: www.criterion-sys.com. Criterion Systems is a Military/Veteran Friendly Company therefore we encourage Veterans to apply.

      Responsibilities

      We are seeking a mission-focused Web Application Vulnerability Assessment SME to support and contribute to our government customer’s success in Quantico, VA!

      Duties, Tasks & Responsibilities

      • The Contractor shall be responsible for providing capabilities necessary to discover vulnerabilities in both internal and public facing web applications and web security appliances (Web Application Firewalls) through no-notice and cooperative security assessments and automated scanning.
      • Contractor staff will open records for any findings resulting from these campaigns and validate reported fix actions.
      • Automated web vulnerability scanning is conducted continuously and encompasses about 700 total Uniform Resource Locators (URLs). Contractor staff will manually validate vulnerabilities found during automated scanning and open records for those validated findings.
      • Implement a repeatable and documented assessment methodology (NIST SP 800-115).
      • Assist the Government to determine the objectives of each security assessment, and tailor the approach accordingly (NIST SP 800-115).
      • Personnel supporting this task shall successfully complete the Government’s “Red Team Operations Course” to further develop expertise on network attack methods.
      • Perform manual web application penetration tests on both internal and external systems to identify vulnerabilities such as those listed in the Open Web Application Security Project (OWASP) Top 10, the Mitre ATT&CK matrix, Mitre Common Attack Pattern Enumeration and Classification (CAPEC), Mitre Common Weakness Enumeration (CWE), or other sources.
      • Operate automated web application vulnerability scanning and situational awareness tools including but not limited to Acunetix, Fiddler, WebInspect, Netsparker, and Expanse eXpander.

      Qualifications

      Required Experience, Education, Skills & Technologies

      • Bachelor’s Degree in Computer Science or an IT-related field, or at least five years of experience performing various assessments (penetration tests of systems and networks within a DoD network environment or enclave).
      • At least five (5) years of experience performing penetration testing of web applications.
      • At least five (5) years of experience developing specialized applications for the assessment and security testing of web applications.
      • Knowledge of DoD security controls, including the DISA Security Technical Implementation Guides (STIGs), the DoD IA Certification and Accreditation Process, and the Risk Management Framework (RMF).
      • Familiarity with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework and the Open Web Application Security Project (OWASP) for understanding and describing vulnerabilities and attack scenarios.

      Security Clearance Level

      • Top Secret/SCI required

      Certification

      • Possess a DoDD 8570 CSSP Auditor certification (CEH, CySA+, PenTest+, CISA, GSNA).
      • Possess a DoDD 8570 IAT Level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP).

      Benefits Offered

      • Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Tuition/Training Assistance, Parental Leave, Paid Time Off, and Holidays.

      Criterion Systems, LLC, a Cherokee Federal Company, and its subsidiaries are committed to equal employment opportunity and non-discrimination at all levels of our organization. We believe in treating all applicants and employees fairly and make employment decisions without regard to any individual’s protected status: race, ethnicity, color, national origin, ancestry, religion, creed, sex/gender, gender identity/gender expression, sexual orientation, physical and mental disability, marital/parental status, pregnancy (including childbirth, lactation, and related medical conditions), age, genetic information (including characteristics and testing), military and veteran status, or any other characteristic protected by law. For our complete EEO/AA and Pay Transparency statement, please visit https://careers-criterion-sys.icims.com/.

  • About the company

      Criterion Systems, Inc. is a systems integrator and cyber operations-focused company.
