Advanced Red Team Operator

Sentar•Norfolk, VA

About The Position

Sentar is proud to be an employee-owned company, fostering a culture of empowerment, collaboration, and innovation. Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the team where you can build, innovate, and secure your career. Sentar is seeking an Advanced Red Team Operator in Norfolk, VA! Role Description: Review and become proficient in OPTEVFOR cyber-T&E concept of operations, SOPs, policies and guidance. Maintain and participate in the development of 01D SOPs and documentation for DCAT authorization established in DoDI 8585.01. Research, review, prioritize, and submit operational requirements for acquisition of equipment or cyber capabilities, following the 01D tool approval process. Support development and execution of TTPs for penetration testing or Red Teaming. Research adversary cyber actors TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into cyber survivability test planning and execution. Participate in OPTEVFOR Cyber Test planning: Conduct open-source research and system under test documentation review to familiarize with the systems mission, architecture and interfaces including critical components to identify its attack surface and threat vectors Participate in check point meetings Guide development of test plan objectives Review test plans, ensuring that test plans objectives are feasible Participate in test planning site visits Participate in test preparation: Participate in site pre-test coordination visits. Support in-brief to the test site. Lead red team test plan review Add relevant system technical information to test reference library Organize and lead research presentations for advanced capability development in support of future tests Prepare OPTEV-RT test assets (Government Furnished) Execute test events, including Cooperative Vulnerability Penetration Assessments, Adversarial assessments, and Cyber Tabletops, in support of Operational Testing, Developmental Testing, risk reduction events, or other events, as assigned. Use OPTEVFOR provided and NAO approved commercial and open-source network cyber assessment tools (e.g. Core Impact, Nmap, Burp, Metasploit, and Nessus). Employee ethical hacking expertise to exploit discovered vulnerabilities and misconfigurations associated with but not limited to operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.) to accomplish test objectives Be able to accomplish testing independently and provide direction to basic and intermediate operators Ensure tests are conducted safely, in accordance with the test plan, and OPTEVFOR policies are adhered to. Follow Joint Forces Headquarters (JFHQ)-DODIN deconfliction procedures Verify collected data for accuracy and completeness. Participate in the post-test iterative process, including generation of documents (e.g. deficiency/risk sheets) Document lessons learned. Participate in capture the flag events, cyber off sites, external engagements such as red team huddles and red team technical exchange meetings; develop required products and materials in support of these events. Attend OPTEVFOR required meetings in support of OT&E. Generate and update documentation to maintain DCAT authorization compliance per DoDI 8585.0.

Requirements

Clearance Level: TS/SCI
Minimum 6 years experience performing any combination of: penetration testing, red teaming, or exploitation development.
Minimum 6 years with proficiency in leading red team operators in penetration testing/red teaming to accomplish assigned test objectives.

Responsibilities

Review and become proficient in OPTEVFOR cyber-T&E concept of operations, SOPs, policies and guidance.
Maintain and participate in the development of 01D SOPs and documentation for DCAT authorization established in DoDI 8585.01.
Research, review, prioritize, and submit operational requirements for acquisition of equipment or cyber capabilities, following the 01D tool approval process.
Support development and execution of TTPs for penetration testing or Red Teaming.
Research adversary cyber actors TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into cyber survivability test planning and execution.
Participate in OPTEVFOR Cyber Test planning
Conduct open-source research and system under test documentation review to familiarize with the systems mission, architecture and interfaces including critical components to identify its attack surface and threat vectors
Participate in check point meetings
Guide development of test plan objectives
Review test plans, ensuring that test plans objectives are feasible
Participate in test planning site visits
Participate in test preparation
Participate in site pre-test coordination visits.
Support in-brief to the test site.
Lead red team test plan review
Add relevant system technical information to test reference library
Organize and lead research presentations for advanced capability development in support of future tests
Prepare OPTEV-RT test assets (Government Furnished)
Execute test events, including Cooperative Vulnerability Penetration Assessments, Adversarial assessments, and Cyber Tabletops, in support of Operational Testing, Developmental Testing, risk reduction events, or other events, as assigned.
Use OPTEVFOR provided and NAO approved commercial and open-source network cyber assessment tools (e.g. Core Impact, Nmap, Burp, Metasploit, and Nessus).
Employee ethical hacking expertise to exploit discovered vulnerabilities and misconfigurations associated with but not limited to operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.) to accomplish test objectives
Be able to accomplish testing independently and provide direction to basic and intermediate operators
Ensure tests are conducted safely, in accordance with the test plan, and OPTEVFOR policies are adhered to.
Follow Joint Forces Headquarters (JFHQ)-DODIN deconfliction procedures
Verify collected data for accuracy and completeness.
Participate in the post-test iterative process, including generation of documents (e.g., deficiency/risk sheets)
Document lessons learned.
Participate in capture the flag events, cyber off sites, external engagements such as red team huddles and red team technical exchange meetings; develop required products and materials in support of these events.
Attend OPTEVFOR required meetings in support of OT&E.
Generate and update documentation to maintain DCAT authorization compliance per DoDI 8585.0.

Benefits

Our unique ownership model attracts top talent, giving employees the freedom to take initiative and drive meaningful improvements.
In addition to cultivating a thriving and inclusive work environment, Sentar offers an extensive benefits package designed to support the well-being of employees and their families.
Employee ownership is the foundation of our culture, promoting participation, teamwork, and accountability while ensuring long-term financial security and a commitment to excellence.
Voluntary Medical, Dental, Vision, with Health Savings or Flexible Spending Plan options
Voluntary Life, Critical Illness, Accident, and Long Term Care insurance options
Group Term Life, Short-Term and Long-Term Disability is provided by Sentar to all qualifying employees
Generous 401(k) match
Competitive PTO plan that graduates quickly with years of service
Other leave programs; holiday schedule along with bereavement, maternity, jury and military duty
Mental health awareness programs
Tuition reimbursement
Professional development reimbursement
Recognition and Awards programs