Senior Defense Assessment Analyst (Penetration Tester)

Job Description

Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Defense Assessment Analyst- Senior for the US Army Regional Cyber Center - Continental United States (RCC-CONUS ) program responsible for performing non-personal Information Technology (IT) Services and support requirements.

RCC-CONUS is responsible to operate, manage, and defend the Army's NIPRNet and Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the NIPRNet and SIPRNet DoDIN-A.

The RCC-CONUS functions as part of a larger joint environment, responding to the Theater Combatant Commanders, the ARCYBER, and the Army Cyber Command's Army Cyberspace Operations and Integration Center (ACOIC), which operates the GIG in support of Department of Defense (DoD) operations around the world.

Services include Network and System Modernization, Cyber Defensive Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure Support, Threat & Data Analytics, DoDIN Operation Support, Network Management, Systems Management, IT Lifecycle Management, IT Service Management (ITSM), Portfolio / IT Investment Management, and Theater Operations and Service Desk support.

The candidate will lead and participate in analysis of actual and predictable interacting operational activities of business to obtain a quantitative, rational basis for decision making through the application of logic and scientific or economic disciplines and techniques.

Key Tasks and Responsibilities

• Leverage a lab environment provided by the RCC-C for the purpose of malware analysis, development and testing of sensor signatures / rulesets, and the execution of penetration testing tactics, techniques, and procedures (TTPs) to determine the risk of exploits and vulnerabilities.
• Responsible for conducting both local and remote penetration testing designed to emulate current threat models to the Army network to execute an assessment of the defensive security posture.
• Conduct approximately, thirty-six (36), week-long CDAP missions annually consisting of both NAV and PPT mission areas based on Government prioritization and direction.
• Responsible for augmenting the Government in assessing a post / camp / station (P / C / S) and / or an organization's security enclave, by means of trends and analysis to prioritize NAV visits.
• Conduct one NAV per month (on average) IAW established BBP, regulations, policies, and procedures, and as requested. NAVs require travel to a remote site to execute on-site penetration testing over a one-week period, or longer depending on the requirements of the mission.
• Utilize approved tools to execute penetration testing of the remote site by utilizing established documentation and the ROE.
• Execute phishing campaigns in conjunction with the penetration testing to gain a foothold into the network.
• Develop and present a final out brief to discuss the findings of the mission, trends observed, and any recommendations / mitigation actions which need to be executed.
• Responsible for securing all equipment and coordinate with shipping personnel to ensure equipment returns to home station.
• Execute high-risk web assessments, non-notice penetration testing of assets, on-demand testing of network devices, and other activity required to assess the defensive posture of the targeted network.
• Execute research to develop payloads used during penetration testing and / or phishing that emulates the current threats to the Army networks, to test whether defensive devices will detect this activity proactively rather than identifying failures during an actual attack from external adversaries.
• Disseminate information to the CDO and Threat and Data Analytics (T&DA) branches, as well as RCC-CONUS Operations to allow defensive measures to be enacted to increase the defensive security posture within the CONUS Theater.

Education & Experience

• BA / BS or an MA / MS preferred from an accredited university (required)
• Minimum of 12+ years of related IT experience (required)
• Substitution Allowance (MA / MS with 10+ years' experience can be substituted for above requirements)

Certifications

• Certified Penetration Tester (GPEN)
• Certified Ethical Hacker (CEH)
• IAT II Certification (Security+, etc.

Security Clearance

• Top Secret / SCI clearance (Required)
• US Citizen or permanent resident

Other (Travel, Work Environment, Administrative Notes, etc.)

Travel to CONUS and OCONUS locations to meet mission requirements and undergo training maybe required. The support outside Fort Huachuca, AZ including OCONUS if required, will be designated as TDY.

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and / or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations.

If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and / or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at

314.952.5138

DoD 8570.01.M :

http : / / www.dtic.mil / whs / directives / corres / pdf / 857001m.pdf