Overview
Skills
Job Details
Cyber Red Team Operator (Penetration Testing, Senior Associate)to perform on-net adversarial threat emulation (Red Teaming) and penetration testing of platform IT and networks for Event Planning and Operations supporting the Department of Defense (DoD) National Cyber Range Complex (NCRC). This facility supports the mission to provide realistic cybersecurity environments for test and evaluation of major DoD acquisition programs and to enable the conduct of realistic training and certification events for the DoD Cyber Mission Force. The NCRC facility may also support non-DoD customers such as Department of Homeland Security (DHS), industry, academia, and international partners.
This position currently requires an on-site schedule with 5 days on-site and is eligible for Compressed Work Schedule (CWS).
Responsibilities
- Working closely with our government customer, perform adversarial threat emulation (Red Teaming) and penetration testing to assess the performance of aeronautical systems, subsystems, and equipment (platform IT).
- Working closely with our government customer, perform adversarial threat emulation (Red Teaming) and penetration testing assessments on government networks including Windows domains, Linux systems, switches, routers, and other connected network devices.
- Apply and/or develop highly advanced principles, concepts, and tactics.
- Identify issues and vulnerabilities associated with operational networks and programs.
Travel
Up to 10% of the time to CONUS sites as required.
Required Qualifications
- At least 10 years of pen testing, red team operations, and/or offensive security experience including experience conducting on-net assessments
- Experience operating open source and commercial tools such as Metasploit, Burp Suite, Cobalt Strike, NMAP, Core Impact, etc.
- Working knowledge of IP network protocols, subnetting, routing, switching, etc.
- Experience in one or more of the following cybersecurity disciplines:
- Penetration testing of modern Windows and Linux operating systems and IP-based networks
- Exploit and malware development targeting modern operating systems and defenses
- Reverse engineering
- Web application penetration testing
- Software development
- Hardware hacking
- Cryptography
- Software defined networks
- Digital forensics
- Control systems
- Radio Frequency (RF)
- Ability to work in a diverse team environment
- Industry certification of EC-Council Certified Ethical Hacker (C|EH) and ISC2 Certified Information Systems Security Professional (CISSP) or their equivalents are required
- Be able to obtain one or more of the following vendor certifications within 6 months of being hired:
- Offensive Security Certified Engineer (OSCE)
- Offensive Security Certified Professional (OSCP)
- GIAC Certified Exploit Researcher and Advanced Penetration Testers (GXPN)
Desired Qualifications
- Cyber related military training courses such as Title 10 Interactive On-Net Operator Course, Joint Cyber Analysis Course (JCAC), and Cyber Operations Specialist Qualification Course
- Industry certification of Offensive Security Certified Professional (OSCP) is highly desirable
- Specialization in web application penetration testing is a plus
- Experience with WiFi and/or Software Defined Radio (SDR) hacking is a plus
- Experience with red team / adversarial emulations is a plus
- Experience executing Close Access Team (CAT) assessments is a plus
- Experience with weapon systems assessments is a major plus
- Experience with bash scripting, Python, and/or PowerShell is a major plus
- Experience working in a cyber range is a major plus
Education
Bachelor s degree from an accredited college in a related discipline, or equivalent experience/combined education and/or advanced certification.
Clearance
All applicants for this position must hold a current Top-Secret clearance with the ability to obtain and maintain SCI eligibility; please note that the clearance process takes into account financial background aspects.