Senior Defense Assessment Analyst (Penetration Tester) – 4125/3186/21159-5652

This job was posted by https://www.azjobconnection.gov : For more
information, please see: https://www.azjobconnection.gov/jobs/6692698

Job Description

Computer World Services, Corporation (CWS) is seeking an exceptional
candidate to serve as Defense Assessment Analyst- Senior for the US
Army Regional Cyber Center – Continental United States (RCC-CONUS)
program responsible for performing non-personal Information Technology
(IT) Services and support requirements. RCC-CONUS is responsible to
operate, manage, and defend the Armys NIPRNet and Secure Internet
Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the
NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as part of a larger
joint environment, responding to the Theater Combatant Commanders, the
ARCYBER, and the Army Cyber Commands Army Cyberspace Operations and
Integration Center (ACOIC), which operates the GIG in support of
Department of Defense (DoD) operations around the world. Services
include Network and System Modernization, Cyber Defensive Operations,
Defensive Cyber Assessments, Defensive Cyber Infrastructure Support,
Threat & Data Analytics, DoDIN Operation Support, Network Management,
Systems Management, IT Lifecycle Management, IT Service Management
(ITSM), Portfolio/IT Investment Management, and Theater Operations and
Service Desk support.

The candidate will lead and participate in analysis of actual and
predictable interacting operational activities of business to obtain a
quantitative, rational basis for decision making through the application
of logic and scientific or economic disciplines and techniques.

Key Tasks and Responsibilities

– Leverage a lab environment provided by the RCC-C for the purpose of
malware analysis, development and testing of sensor
signatures/rulesets, and the execution of penetration testing
tactics, techniques, and procedures (TTPs) to determine the risk of
exploits and vulnerabilities.
– Responsible for conducting both local and remote penetration testing
designed to emulate current threat models to the Army network to
execute an assessment of the defensive security posture.
– Conduct approximately, thirty-six (36), week-long CDAP missions
annually consisting of both NAV and PPT mission areas based on
Government prioritization and direction.
– Responsible for augmenting the Government in assessing a
post/camp/station (P/C/S) and/or an organizations security
enclave, by means of trends and analysis to prioritize NAV visits.
– Conduct one NAV per month (on average) IAW established BBP,
regulations, policies, and procedures, and as requested. NAVs
require travel to a remote site to execute on-site penetration
testing over a one-week period, or longer depending on the
requirements of the mission.
– Utilize approved tools to execute penetration testing of the remote
site by utilizing established documentation and the ROE.
– Execute phishing campaigns in conjunction with the penetration
testing to gain a foothold into the network.
– Develop and present a final out brief to discuss the findings of the
mission, trends observed, and any recommendations/mitigation actions
which need to be executed.
– Responsible for securing all equipment and coordinate with shipping
personnel to ensure equipment returns to home station.
– Execute high-risk web assessments, non-notice penetration testing of
assets, on-demand testing of network devices, and other activity
required to assess the defensive posture of the targeted network.
– Execute research to develop payloads used during penetration testing
and/or phishing that emulates the current threats to the Army
networks, to test whether defensive devices will detect this
activity proactively rather than identifying failures during an
actual attack from external adversaries.
– Di seminate information to the CDO and Threat and Data Analytics
(T&DA) branches, as well as RCC-CONUS Operations to allow defensive
measures to be enacted to increase the defensive security posture
within the CONUS Theater.

Education & Experience

– BA /BS or an MA/MS preferred from an accredited university
(required)
– Minimum of 12 years of related IT experience (required)
– Substitution Allowance (MA/MS with 10 years experience can be
substituted for above requirements)

Certifications

– Certified Penetration Tester (GPEN)
– Certified Ethical Hacker (CEH)
– IAT II Certification (Security, etc.

Security Clearance

– Top Secret/SCI clearance (Required)
– US Citizen or permanent resident

Other (Travel, Work Environment, Administrative Notes, etc.)

– Travel to CONUS and OCONUS locations to meet mission requirements
and undergo training maybe required. The support outside Fort
Huachuca, AZ including OCONUS if required, will be designated as
TDY.

Computer World Services is an affirmative action and equal employment
opportunity employer. Current employees and/or qualified applicants will
receive consideration for employment without regard to race, color,
religion, sex, disability, age, sexual orientation, gender identity,
national origin, disability, protected veteran status, genetic
information or any other characteristic protected by