Exploitation Analyst

About The Position

Requirements

• Possess at least one of the following technical certifications: Offensive Security Certified Professional (OSCP), Web Application Penetration Tester (WAPT), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), or Cisco Certified Network Associate (CCNA).
• 7+ years of experience developing, reviewing, and implementing mission area-related policy, doctrine, and development of Navy concepts, doctrine, tactics, techniques, and procedures.
• 7+ years identifying mission area-related concepts and technologies for new innovative application within the Navy’s experimentation process.
• 7+ years developing and supporting development of Navy mission areas-related operational concepts, tactics, and experimental concepts and technologies.
• 7+ years planning and executing Joint/Navy experimentation with mission area-related concepts and capabilities.
• Familiarity with Risk Management Framework, Cybersecurity requirements during the acquisition lifecycle (i.e. Developmental and Operational Testing).
• Experience working with Operational Testing Agencies (i.e. COMOPTEVFOR, ATEC, AFOTEC, MCOTEA, JITC).
• 7+ years of demonstrated prior experience in the execution of mission area-related capabilities at the tactical level.
• Have a working level ability at least one of the following programing languages: Python, C++, JavaScript, or Ruby.

Responsibilities

• Create test plans for cybersecurity penetration testing during developmental testing (DT) and operational testing (OT).
• Execute DT and OT plans to discover in depth vulnerabilities and usable exploitations in a system and/or organization.
• Produce written reports and briefs on the results of penetration tests.
• Use commercial and open-source network cyber assessment tools (e.g. Core Impact, Nmap, Metasploit, and Nessus).
• Exploit common vulnerabilities and misconfigurations associated with common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.).
• Assist with procuring, managing, and training for operational infrastructure and tactics associated with Red Team types of “attack platforms.”
• Conduct planning and execute Red Teaming, Penetration Testing, and/or Capture the Flag events.
• Research various cyber actors’ TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into Cyber Red Teaming or penetration test operations.
• Develop and utilize testing methodology for threat emulation and vulnerability validation.
• Develop Operational Risk Management (ORM) concepts and matrixes to support operations and exercises.
• Support execution of and help in development of TTPs for physical penetration testing or Red Teaming.
• Develop products and materials required to support TTP development working groups, planning groups, operational planning teams, conferences, tabletop exercises, war games and operational experiments.