715 – Web Applications Security Program (WASP) Lead - Secret Clearance Minimum
Zeneth Technology Partners
 Alexandria, VA
Zeneth is looking for a Web Applications Security Program (WASP) Lead who enjoys working in a highly collaborative, fast-paced environment to join our growing Federal Cybersecurity Practice. This is a vital role to help ensure the security of our nation’s infrastructure. If you have a passion and a desire to lead a team to help protect critical assets from cyber attacks, this role is perfect for you. In this role, you will lead a web application assessment team that performs assessments using industry-leading tools such as HP WebInspect. You will act as the primary interface and lead for your team, take an active part in the assessment process, and manage the delivery of staff assignments as needed. This position is located in Alexandria, VA, and will require occasional travel to other locations throughout the US.

Ideal candidates should possess the following skills and execute tasks as described below:
·         7+ years of experience conducting web application security assessments
·         7+ years of experience as a manager and leader
·         Hands-on experience managing and configuring HTTPS and DNS on devices such as firewalls, IDS/IPS, network devices, web servers, etc.
·         Intimate knowledge of the OSI model and TCP/IP stack to include common ports, protocols and services
·         Knowledge of one or more of the following cyber security systems:
o   DoD Host Based Security System (HBSS)
o   Assured Compliance Assessment Solution (ACAS)
o   Continuous Monitoring and Risk Scoring (CMRS)
o   Joint Incident Management System (JIMS)
o   Enterprise Mission Assurance Support Service (eMASS)
o   DHS Information Assurance Compliance System (IACS)
·         Provide services to maintain the WASP for customer owned/managed websites in accordance with DoD Instruction (DoDI) 8530.01, which mandates vulnerability assessments for all IT assets within DoD. Web application scanning requirements include but are not limited to scanning all classified and unclassified websites on a semi-annual basis, identifying security weaknesses, recommending corrective actions, and completing other ad-hoc web scans as requested. Assistance includes the development of Security Assessment and Vulnerability Reports for scans completed.
·         Knowledge of open security testing standards and projects, including OWASP and ATT&CK
·         Provide basic networking troubleshooting techniques in support of Security Assessments, DISA CCRI, Website scanning and Network Vulnerability Scanning implementations
·         Perform security assessments for hardware, software, websites and other IT technologies, as requested.
·         Provide cyber security recommendations, guidance, and support for common web application and database technologies, including but not limited to JavaScript, Web Application Programming Interfaces (API), HyperText Markup Language (HTML), eXtensible Markup Language (XML), Document Object Model (DOM), Hypertext Preprocessor (PHP), Structured Query Language (SQL), Python, AJAX use and Secure Sockets Layer (SSL)/Transport Layer Security (TLS).
·         Provide support in the resolution of technical security issues and perform the following assessments to include Vulnerability Assessments, Blue Team / Security Assessments, Web application scanning, Web Server / Web Application Scanning / System Vulnerability Assessments and Security Technical Implementation Guide (STIG) Analysis assessments.
·         Protect the customer’s portion of the DoDIN from cyber threats, both foreign and domestic, through the use of cybersecurity systems, in combination with Techniques, Tactics, and Procedures (TTP) and information sharing with DoD, DHS, and other federal agencies.
·         Support the Independent Verification & Validation (IV&V) scanning program for enterprise C4IT systems by maintaining the customer’s web application security program requirements. IV&V scanning requirements include but are not limited to monthly vulnerability scans on IT systems connected to classified and unclassified enterprise networks.
·         Support the development of Security Assessment and Vulnerability Reports for scans completed.
·         Support performing security assessments for all IT systems, to include hardware, software, websites and other IT technologies, as requested.
·         Support the development of Security Assessment and Vulnerability Reports for all security assessments
·         Perform both pre-CCRI and post-CCRI security assessments and reporting requirements on units scheduled for DISA CCRI.
·         Assist in the coordination and implementation of IA policies, procedures, and training programs. Identify and report gaps in the existing IA policy and procedures and provide recommendations.
·         Evaluate emerging Security Information Appliance technologies for potential implementation.
·         Support operations on a variety of Information Assurance tools including but not limited to standalone versions of Tenable Nessus (a.k.a. ACAS) and Hewlett Packard (HP) WebInspect applications.
·         Provide recommendations on configuration changes, updates and vulnerability analysis for the ACAS tool when needed.
·         Support the requirements and capabilities of web site security review for web filtering and trusted sites, and web site certificates.
·         Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff
·         Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action.
·         Direct and/or implement operational structures and processes to ensure an effective enclave IA security program including boundary defense, incident detection and response, and key management.
·         Examine enclave vulnerabilities and determine actions to mitigate them.
·         Analyze IA security incidents and patterns to determine remedial actions to correct vulnerabilities.
·         Provide support for IA customer service performance requirements.
·         Provide support for the development of IA related customer support policies, procedures, and standards.
·         Provide OJT for IAT Level I and II DoD personnel.
·         Analyze IAVAs and Information Assurance Vulnerability Bulletins for enclave impact and take or recommend appropriate action.
·         Demonstrate exceptional troubleshooting methodology and problem-solving skills
·         Prior military experience in an active duty, reserve or support contractor role is highly preferred

Basic Qualifications:
·         Bachelor of Science degree in Computer Science, Management Information Systems, or a field related to technology or equivalent. Additional experience can be substituted for a degree.
·         Active security certifications at both the DoD 8570 IAT Level III (e.g., CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH) and CSSP-AU (e.g., CEH, CySA+, CISA, GSNA, CFR) levels.
·         Excellent verbal and written communication skills with the ability to communicate clearly and effectively based on the audience
·         Candidates should already have an active Secret security clearance at a minimum with the ability to upgrade to TS/SCI if required
·         Works well in a team environment

Zeneth is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.