Oasis Systems is looking for a Cybersecurity III -ISSM to support the Business Enterprise Systems Programming Innovation (BESPIN) at Maxwell-Gunter Air Force Base in Montgomery, AL. BESPIN is responsible for providing comprehensive IT solutions to the over 750,000 military, civilian, and contractor personnel working in the USAF and managing a portfolio consisting of over 140 applications that must be actively maintained and modernized. As well as developing the AF automated mobile pipeline and Kubernetes platform to enable scalable production environments under a Continuous Authority To Operate supporting continuous integration and continuous deployment for customers DoD wide.

TRAVEL: Less than 5%

SECURITY CLEARANCE: Secret (Required) and U.S. Citizenship is required for all applicants

EDUCATION:

BS in Computer Science, Engineering, Information Systems, or other related technical discipline 8 years of directly related experience, 5 of which must be in the DoD; or 15 years of directly related experience, 8 of which must be in the DoD

CERTIFICATIONS:

At a minimum, the successful candidate will meet the requirements for and maintain an IAT or IAM Level III Cybersecurity certification by possessing at least one of the following certifications as directed by DoD 8140 and outlined in DoD 8570.01 -M, Appendix3, Table 2,2 AFMAN 17-1303:

OTHER QUALIFICATIONS/SKILLS:

• Working knowledge of the Agile Development methodologies; Scrum, Kanban, etc.
• Experience using any, or all, of the following tools (Desired):
• o CheckMarx
• o SonarQube
• o Jira
• o Confluence

RESPONSIBILITIES:

• Conduct automated penetrations testing of web applications and APIs for susceptibility to SQL injections, command injections, Cross-Site Scripting, and Cross Site Request Forgery vulnerabilities using commercial and open source tools such as OWASP ZAP, Burp, and HCL AppScan;
• Conduct automated vulnerability scanning against supporting infrastructure components using commercial and open source scanning tools such as nikto, nessus, nmap, and metasploit;
• Conduct automated credentialed vulnerability scanning against databases using commercial and open source scanning tools;
• Conduct manual testing of infrastructure and web applications to identify, test and validate security vulnerabilities;
• Conduct code review and analysis to assess the security posture using static code analysis tools such as Fortify, Checkmarx, and Coverity;
• Pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews;
• Conduct reviews of system configurations for identification of security weaknesses or misconfigurations;
• Assess compliance posture against regulatory requirements such as NIST SP 800-53;
• Analyze security findings, including risk analysis and root cause analysis;
• Develop Security Test Report to document security testing, validated security vulnerabilities, mitigations, remediations, and course of actions;
• Brief pen test results with appropriate management; and,
• Coordinate with CDMs, ISSMs, ISSOs, and developers to remediate and correct security vulnerabilities.

Who We Are

Oasis Systems is a premier provider of customer-driven, cost-effective, and quality Engineering Services; Enterprise Systems and Applications; Human Factors Engineering; Information Technology and Cyber Security; Professional Services; and Specialized Engineering Solutions to the Department of Defense, Federal Aviation Administration, Nuclear Regulatory Commission, and other Federal Agencies.

We strive to be an exciting and welcoming company that attracts, develops, motivates and retains the most talented, skilled and dedicated people in the industry; where they are encouraged to achieve personal excellence, purpose, and their full potential and career aspirations, while supporting mission-critical national security technologies and programs.