Cyber Security Engineer - Senior

Job Description

Description

SAIC is seeking a Penetration Testing Manager - Web Applications to work onsite with our customer at Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG).

This position is contingent upon contract award. If awarded, work will begin in Fall 2023.

Summary and Description: The Penetration Testing Manager - Web Applications shall be responsible for providing capabilities necessary to discover vulnerabilities in both internal and public facing web applications and web security appliances (Web Application Firewalls) through no-notice and cooperative security assessments and automated scanning.  Assessments will be performed at the direction of and under the supervision of Government personnel.  The Government directed twelve manual pen-testing campaigns during calendar year 2021 which focused on sites affected by priority threats.  Campaigns lasted thirty days each and the number of sites tested during a campaign varied from 5-15.  Contractor staff will open records for any findings resulting from these campaigns and validate reported fix actions.  Automated web vulnerability scanning is conducted continuously and encompasses about 700 total Uniform Resource Locators (URLs).  Contractor staff will manually validate vulnerabilities found during automated scanning and open records for those validated findings.

Duties and Responsibilities:

• Implement a repeatable and documented assessment methodology (NIST SP 800-115).
• Assist the Government to determine the objectives of each security assessment, and tailor the approach accordingly (NIST SP 800-115).
• Perform manual web application penetration tests on both internal and external systems to identify vulnerabilities such as those listed in the Open Web Application Security Project (OWASP) Top 10, the Mitre ATT&CK matrix, Mitre Common Attack Pattern Enumeration and Classification (CAPEC), Mitre Common Weakness Enumeration (CWE), or other sources.
• Operate automated web application vulnerability scanning and situational awareness tools including but not limited to Acunetix, WebInspect, Netsparker, and Expanse eXpander.
• Analyze findings and develop risk mitigation techniques to address weaknesses.
• Validate the remediation of findings reported by system owners.  
• Advise system owners on strategies for remediating vulnerabilities when necessary.
• Evaluate systems and applications for compliance with applicable DOD, DON, and other government IT Security Policies (i.e. Secure Technical Implementation Guides).
• Provide reports detailing findings from each manual pen-testing campaign.
   

Qualifications

Position Requirements:

• Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
• 5+ years serving as PenTester
• CSSP Auditor
• IAT III Certification
• Active TS/SCI Clearance

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are approximately 26,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.