Full-time remote position on a new 5-year contract.
Permanent Placement or Temp to Perm available
Minimum Clearance Required: Active DoD Secret
Certifications Required: 8570 Baseline Certificate
Consider joining a team of industry experts as part of a Red Team supporting local and remote operations for a new, five-year contract serving DoD entities.
You will perform network penetration, web application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
• Pre-Operation duties include assisting with crafting mission objectives, mission planning, setting up infrastructure, and mentoring less experienced staff.
• Post-operation activities include writing precise/accurate reports and effectively presenting findings to both technical and executive audiences.
Duties and Responsibilities:
• Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery.
• Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, and lateral movement; install persistence in target network(s); and manage C2 infrastructure.
• Systematically analyze each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering.
• Develop payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement.
• Safely utilize attacker tools, tactics, and procedures when in sensitive environments/devices.
• Evade EDR devices such as CarbonBlack and Falcon to avoid detection by Defenders/behavioral based alerting in order to further the engagement objectives.
• Demonstrate expertise in one of the following: Active Directory, Software Development, Incident Response, or Cloud Infrastructure.
• Carefully document and log all exploitation activities.
• Continually exercise situational awareness in order to quickly identify any instances of cohabitation.
• Document identified vulnerabilities and research corrective/remediation actions in order to recommend a risk mitigation technique(s).
• Demonstrate new vulnerabilities and assist Network Defenders (Blue Team) with the refinement of detection capabilities.
• Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents.
• Communicate effectively with team members and clients in the course of an engagement. Ability to think unconventionally in order to develop novel adversarial TTPs.
• Keep current with training and the latest offensive security techniques.
• Possess specialized experience in Red Teaming, Computer Network Attack (CNA), Computer Network Exploitation (CNE), Computer Network Defense (CND), Bug Bounties, or Penetration Testing.
• Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography.
• Experience with offensive tool sets like Kali Linux, Metasploit, CobaltStrike, CommandoVM, BlackArch Linux, Parrot OS, etc.
• Experience with at least one of the following scripting languages: PowerShell, Bash, Python, or Ruby. Experience in using network protocol analyzers and sniffers, as well as ability to decipher packet captures. Candidate must have an active Secret Clearance.
• Possess strong analytical and problem-solving skills.
• Habitually practice excellent independent, disciplined, organizational, and personal project management skills. Proven ability to work effectively with management, staff, vendors, and external consultants.
• Capable of simultaneously managing multiple projects from start to finish.
• Exceptional written skills and able to explain highly technical topics to a wide range of audiences.
• Maintain minimum required professional certifications to meet DoD 8570 requirements, including CEH, SEC+, CySA+, PenTest+, CCNP, CISSP, GCIH, CISM, etc.
Preferred Professional and Technical Expertise
• A Bachelor’s Degree (or higher) and five (5) years of recent specialized experience in Pentesting, Red-Teaming.
• A relevant PenTest Certification from organizations such as SANS (GPEN, GWAPT, GAWN, GCPN, GXPEN), eLearnSecurity (eCPPT, eCPTX, eWPTX, eCXD);
• Offensive Security Certs (OSCP, OSWP, OSEP, OSWE, OSED, OSEE)
• OR demonstrable equivalent skills AND seven (7) years of recent specialized experience
Additional Requirements and Skills:
Occasional lifting of 25 pounds+ may be required. Prior military experience is desirable.