Red Team Penetration Tester

About The Position

Requirements

• An ACTIVE Top Secret Clearance with SCI Eligibility is required for this position. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. US Citizenship is required to obtain a clearance.
• Five (5) years' experience in software engineering applied to program development; modeling and simulation applied to DoD or Information Technology systems.
• Linux and Windows
• Strong working knowledge of common Penetration Testing (PENTEST) tools: Kali, Metasploit, NMAP, Cobalt Strike
• Penetration Testing (PENTEST)
• Red Team Operations
• Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties)
• Python, C, C Sharp, C++, Go, Perl, Powershell
• Web Dev/Web App Dev/Web Penetration testing
• NSX, vCenter, vRealize Suite, Horizon View (VDI) and others
• PAN-OS
• FirePower, Nexus, IOS, ASA
• ONTAP, SnapMirror
• Active-Directory
• Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation.
• Automation using Powershell, PowerAutomate, Logic Apps, Graph API.
• Microsoft Entra ID and Microsoft 365 in a hybrid environment.
• Experience with Palo Alto, Cisco, VMWare, NetApp and Microsoft products.
• Extending or integrating on premises AD with Entra ID.
• Managing identity and access in Microsoft Entra ID.
• Experience conducting Red Team operations in an MDE environment.
• Experience with AWS, Cloud Audit, Serverless and Microservice Architecture
• Experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
• Experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
• PHP, ASP, SQL db's, Java, HTML, No SQL
• Minimum certification one of the following: Security+, CCNA Security, CySA+, GICSP, SSCP
• Minimum certification as penetration tester and possess one of the following certificates: Offensive Security Certs: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP) SANS Certs: SEC560 - Network Penetration testing and Ethical Hacking (GPEN Certification), SEC542 - Web App Penetration Testing and Ethical Hacking (GWAPT Certification), SEC660 - Advance Penetration Testing. Exploit Writing, and Ethical Hacking (GXPN Certification), SEC642 - Advanced Web App Penetration Testing and Ethical Hacking, SEC564 - Red Team Operations and Threat Emulation
• OSD Sponsored Cyber Operation Academy Course (COAC) graduates.
• Capture the Flag (CTF) participation (DEFCON, Over-The-Wire (OTW), Hack the Box, USS Secure CTF's)
• Security research resulting in a Common Vulnerabilities and Exposures (CVE)

Responsibilities

• Debug and reverse engineer software.
• Analyze Windows Events and Linux syslog's, boot logs and dmesg logs.
• Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language(tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel andRational ClearCase for software configuration management.
• Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language(tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel andRational ClearCase for software configuration management.
• Recommend software modifications to systems to mitigate known vulnerabilities.Operate and administrate computer systems running HP-UX, UNIX, Solaris,Linux and Microsoft Windows.
• Identify security flaws in compiled and human readable source code. Understandcode utilizing real-time VxWorks and Lynx OS operating systems, CommonObject Resource Broker Architecture (CORBA), firewalls and networkingprotocols.
• Understand how to implement NSA approved encryption technologies anddevices. Apply DISA Security Technical Implementation Guides (STIGs).
• Apply virtual hosting and server technology in system architectures. Understandand apply the concept of deceptive technology such as honey pots in systemarchitectures.
• Participate in Code Reviews. Perform Static Source Code Analysis. Authorrecommendations for improving software and code design.
• Contribute to a System Security Administrator and Operators Manual (SSAOM)

Benefits

• Medical, dental, vision, and prescription drug coverage
• Employee Stock Ownership Plan (ESOP)
• Competitive 401(k) programs
• Retirement and Financial Counselors
• Health Savings and Health Reimbursement Accounts
• Flexible Spending Accounts
• Life insurance, short- & long-term disability
• Continuing Education Assistance
• Paid Time Off, Paid Holidays, Paid Leave (e.g., Maternity, Paternity, Jury Duty, Bereavement, Military)
• Third Party Employee Assistance Program that offers emotional and lifestyle well-being services, to include free counseling
• Supplemental Benefit Program
• Employee Ownership: Work with the best and help build YOUR company!
• Family focus: Work for a team that recognizes the importance of family time.
• Culture: Add to our culture of technical excellence and collaboration.
• Dress code: Business casual, we like to be comfortable while we work.
• Resources: Excellent facilities, tools, and training opportunities to grow in your field.
• Open communication: Work in an environment where your voice matters.
• Corporate Fellowship: Opportunities to participate in company sports teams and employee-led interest groups for personal and professional development.
• Employee Appreciation: Multiple corporate events throughout the year, including Holiday Events, Company Picnic, Imagineering Day, and more.
• Founding Partner of the FredNats Baseball team: Equitable distribution of tickets for every home game to be enjoyed by our employee-owners and their families from our private suite.
• Food: We have a lot of food around here!