Security Engineer - Red Team (Offensive Security)

About The Position

Requirements

• TS/SCI eligibility
• 5 years of relevant cybersecurity experience (e.g., Red Team, penetration testing, vulnerability research, security engineering, incident response, detection engineering, etc.).
• Possess and maintain a DoD 8570 IAT Level III certification: SecurityX (CASP+), CISSP, CCNP Security, CISA, GCED, GCIH, CCSP.
• Possess and maintain a DoD 8570 CSSP Auditor certification: CySA+, CEH, CISA, GSNA, CFR, PenTest.
• Possess and maintain one of the following certifications to meet DoD 8140 certification requirements: CySA+, SecurityX (CASP+), CISM, CISA, CISSO, CISSP, CPTE, CFR, FITSP-A, GPEN, GCSA, GSEC, GSNA.
• Understanding of Windows and Linux systems, networking fundamentals, and enterprise services (e.g., Active Directory).

Nice To Haves

• Experience with any of the following: AV/EDR evasion and detection-bypass techniques.
• Custom tooling, payload or, command-and-control (C2) development.
• Software development in C, C++, or a similar language.
• Malware analysis and reverse engineering.
• Cloud platforms and services (AWS, Azure, GCP).
• Physical security assessments or red-team intrusion exercises.
• Industrial control systems (ICS) and Internet of Things (IoT) environments.
• Offensive-security certifications such as OSCP, OSEP, OSCE, CRTO. CRTL, GXPN.

Responsibilities

• Plan and execute no-notice and cooperative Red Team operations across enterprise, application, and cloud environments.
• Identify and exploit network, host, and application-level vulnerabilities.
• Develop and refine proof-of-concept exploits and techniques to test defensive measures.
• Produce detailed technical findings and recommendations for remediation.
• Collaborate with defensive and engineering teams to improve detection and response.
• Continuously evolve team tactics, techniques, and procedures (TTPs), documentation, and training materials to reflect emerging adversary behaviors.
• Participate in after-action reviews and contribute to policy and playbook updates.
• Prepare, update, document, and present course materials that cover TTPs.
• Provide support required to maintain the customer’s Cybersecurity Service Provider (CSSP) accreditation per the standards, including documentation and technical writing support as needed.
• Considerable travel.

Benefits

• RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.
• RMC can offer you a great place to work with a small company feel and give you the experience, tuition assistance, and certifications that will take your career to the next level.
• We offer Monday to Friday full-time day shift work, and can assist in paid relocation.
• This also includes a competitive paid vacation package with 11 paid federal holidays.
• Additionally, we also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.