Remote Red Team - Pentester - Clearance Required

Access Talent Today, LLC - Washington, DC

Full-time Remote position on New 5 year contract.  

Permanent Placement or Temp to Perm available

Minimum Clearance Required: Active DoD Secret

Certifications Required: 8570 Baseline Certificate

Consider joining a team of industry experts as part of a Red Team supporting local and remote operations for a new, five-year contract serving DoD entities.

You will perform network penetration, web application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.

• Pre-Operation duties include assisting with crafting mission objectives, mission planning, setting up infrastructure, and mentoring less experienced staff.

• Post- operation activities include writing precise/accurate reports and effectively presenting findings to both technical and executive audiences.

Duties and Responsibilities:

• Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery.

• Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, install persistence in a target network(s), and manage C2 infrastructure.

• Systematically analyze each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering.

• Develop payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement.

• Safely utilize attacker tools, tactics, and procedures when in sensitive environments/devices.

• Evade EDR devices such as CarbonBlack and Falcon to avoid detection by Defenders/behavioral based alerting in order to further the engagement objectives.

• Demonstrate expertise in one of the following: Active Directory, Software Development, Incident Response, or Cloud Infrastructure.

• Carefully document and log all exploitation activities.

• Continually exercise situational awareness in order quickly identify any instances of cohabitation.

• Document identified vulnerabilities and research corrective/remediation actions in order to recommend a risk mitigation technique(s).

• Demonstrate new vulnerabilities and assist Network Defenders (Blue Team) with the refinement of detection capabilities.

• Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents.

• Communicate effectively with team members and clients in the course of an engagement. Ability to think unconventionally in order to develop novel adversarial TTPs.

• Keep current with training and the latest offensive security techniques.

 

Requirements:

• Possess specialized experience in Red Teaming, Computer Network Attack (CNA), Computer Network Exploitation (CNE), Computer Network Defense (CND), Bug Bounties, or Penetration Testing.

• Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography.

• Experience with offensive tool sets like Kali Linux, Metasploit, CobaltStrike, CommandoVM, BlackArch Linux, Parrot OS, etc.

• Experience with at least one of the following scripting languages: PowerShell, Bash, Python, or Ruby. Experience in using network protocol analyzers and sniffers, as well as ability to decipher packet captures. Candidate must have an active Secret Clearance.

• Possess strong analytical and problem-solving skills.

• Habitually practice excellent independent, disciplined, organizational, and personal project management skills. Proven ability to work effectively with management, staff, vendors, and external consultants.

• Capable of simultaneously managing multiple projects from start to finish.

• Exceptional written skills and able to explain highly technical topics to a wide range of audiences.

• Maintain minimum required professional certifications to meet DoD 8570 requirements, including CEH, SEC+, CySA+, PenTest+, CCNP, CISSP, GCIH CISM, etc.

 

Preferred Professional and Technical Expertise

• A Bachelor’s Degree (or higher) and five (5) years of recent specialized experience in Pentesting, Red-Teaming.

• A relevant PenTest Certification from organizations such as SANS (GPEN, GWAPT, GAWN, GCPN, GXPEN), eLearnSecurity (eCPPT, eCPTX, eWPTX, eCXD);

• Offensive Security Certs (OSCP, OSWP, OSEP, OSWE, OSED, OSEE)

• OR demonstrable equivalent skills AND seven (7) years of recent specialized experience

Additional Requirements and Skills:

Occasional lifting of 25 pounds+ may be required. Prior Military experience is desirable

 



Posted On: Tuesday, October 5, 2021



Apply to this job
  • Additional Information