Red Team Penetration Tester

About The Position

Requirements

• Five (5) years' experience in software engineering applied to program development; modeling and simulation applied to DoD or Information Technology systems.
• Linux and Windows
• Strong working knowledge of common Penetration Testing (PENTEST) tools: Kali, Metasploit, NMAP, Cobalt Strike
• Penetration Testing (PENTEST)
• Red Team Operations
• Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties)
• Python, C, C Sharp, C++, Go, Perl, Powershell
• Web Dev/Web App Dev/Web Penetration testing
• NSX, vCenter, vRealize Suite, Horizon View (VDI) and others
• PAN-OS FirePower, Nexus, IOS, ASA
• ONTAP, SnapMirror
• Active-Directory
• Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation.
• Automation using Powershell, PowerAutomate, Logic Apps, Graph API.
• Microsoft Entra ID and Microsoft 365 in a hybrid environment.
• Experience with Palo Alto, Cisco, VMWare, NetApp and Microsoft products.
• Extending or integrating on premises AD with Entra ID.
• Managing identity and access in Microsoft Entra ID.
• Experience conducting Red Team operations in an MDE environment.
• Experience with AWS, Cloud Audit, Serverless and Microservice Architecture
• Experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
• Experience with Web Services penetration testing (RESTful and SOAP)
• Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
• PHP, ASP, SQL db's, Java, HTML, No SQL
• Minimum certification one of the following: Security+, CCNA Security, CySA+, GICSP, SSCP
• Minimum certification as penetration tester and possess one of the following certificates: Offensive Security Certs: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP) SANS Certs: SEC560 - Network Penetration testing and Ethical Hacking (GPEN Certification), SEC542 - Web App Penetration Testing and Ethical Hacking (GWAPT Certification), SEC660 - Advance Penetration Testing. Exploit Writing, and Ethical Hacking (GXPN Certification), SEC642 - Advanced Web App Penetration Testing and Ethical Hacking, SEC564 - Red Team Operations and Threat Emulation
• OSD Sponsored Cyber Operation Academy Course (COAC) graduates.
• Capture the Flag (CTF) participation (DEFCON, Over-The-Wire (OTW), Hack the Box, USS Secure CTF's)
• Security research resulting in a Common Vulnerabilities and Exposures (CVE)
• An ACTIVE Top Secret Clearance with SCI Eligibility is required for this position. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. US Citizenship is required to obtain a clearance.

Responsibilities

• Debug and reverse engineer software.
• Analyze Windows Events and Linux syslog's, boot logs and dmesg logs.
• Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel and Rational ClearCase for software configuration management.
• Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel and Rational ClearCase for software configuration management.
• Recommend software modifications to systems to mitigate known vulnerabilities.
• Operate and administrate computer systems running HP-UX, UNIX, Solaris, Linux and Microsoft Windows.
• Identify security flaws in compiled and human readable source code.
• Understand code utilizing real-time VxWorks and Lynx OS operating systems, Common Object Resource Broker Architecture (CORBA), firewalls and networking protocols.
• Understand how to implement NSA approved encryption technologies and devices.
• Apply DISA Security Technical Implementation Guides (STIGs).
• Apply virtual hosting and server technology in system architectures.
• Understand and apply the concept of deceptive technology such as honey pots in system architectures.
• Participate in Code Reviews.
• Perform Static Source Code Analysis.
• Author recommendations for improving software and code design.
• Contribute to a System Security Administrator and Operators Manual (SSAOM)

Benefits

• Medical, dental, vision, and prescription drug coverage
• Employee Stock Ownership Plan (ESOP)
• Competitive 401(k) programs
• Retirement and Financial Counselors
• Health Savings and Health Reimbursement Accounts
• Flexible Spending Accounts
• Life insurance, short- & long-term disability
• Continuing Education Assistance
• Paid Time Off, Paid Holidays, Paid Leave (e.g., Maternity, Paternity, Jury Duty, Bereavement, Military)
• Third Party Employee Assistance Program that offers emotional and lifestyle well-being services, to include free counseling
• Supplemental Benefit Program