Penetration Testing Manager - Web Applications

Job ID: 2300430
Location: QUANTICO, VA, United States
Date Posted: Jan 25, 2023
Category: Cyber
Subcategory: Cybersecurity Ops
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: TS/SCI
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: No Remote

Job Description

Description

SAIC is seeking a Penetration Testing Manager - Web Applications to work onsite with our customer at Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG).

This position is contingent upon contract award. If awarded, work will begin in Fall 2023.

Summary and Description: The Penetration Testing Manager - Web Applications shall be responsible for providing capabilities necessary to discover vulnerabilities in both internal and public-facing web applications and web security appliances (Web Application Firewalls) through no-notice and cooperative security assessments and automated scanning. Assessments will be performed at the direction of and under the supervision of Government personnel. The Government directed twelve manual pen-testing campaigns during calendar year 2021, which focused on sites affected by priority threats. Campaigns lasted thirty days each, and the number of sites tested during a campaign varied from 5-15. Contractor staff will open records for any findings resulting from these campaigns and validate reported fix actions. Automated web vulnerability scanning is conducted continuously and encompasses about 700 total Uniform Resource Locators (URLs). Contractor staff will manually validate vulnerabilities found during automated scanning and open records for those validated findings.

Duties and Responsibilities:

  • Implement a repeatable and documented assessment methodology (NIST SP 800-115).
  • Assist the Government to determine the objectives of each security assessment, and tailor the approach accordingly (NIST SP 800-115).
  • Perform manual web application penetration tests on both internal and external systems to identify vulnerabilities such as those listed in the Open Web Application Security Project (OWASP) Top 10, the MITRE ATT&CK matrix, MITRE Common Attack Pattern Enumeration and Classification (CAPEC), MITRE Common Weakness Enumeration (CWE), or other sources.
  • Operate automated web application vulnerability scanning and situational awareness tools including but not limited to Acunetix, WebInspect, Netsparker, and Expanse eXpander.
  • Analyze findings and develop risk mitigation techniques to address weaknesses.
  • Validate the remediation of findings reported by system owners.  
  • Advise system owners on strategies for remediating vulnerabilities when necessary.
  • Evaluate systems and applications for compliance with applicable DOD, DON, and other government IT Security Policies (i.e., Security Technical Implementation Guides).
  • Provide reports detailing findings from each manual pen-testing campaign.

Qualifications

Position Requirements:

  • Bachelor's and fourteen (14) years or more experience; Master's and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
  • 5+ years serving as a PenTester
  • CSSP Auditor
  • IAT III Certification
  • Active TS/SCI Clearance

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are approximately 26,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
