Apply on Employer Site

SIXGEN · 1 month ago

Senior Cyber Operator (Red Team)

Washington, DC

Full-time

Hybrid

Senior Level

$120K/yr - $150K/yr

5+ years exp

SIXGEN is a company that supports cyber and intelligence missions for government and commercial organizations facing global cybersecurity challenges. They are seeking a Senior Cyber Operator to conduct research and assessments on real-world threats, perform penetration testing, and provide actionable recommendations to enhance cybersecurity measures.

CommercialCyber SecurityInformation TechnologySoftwareTraining

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Provide recommendations for technical oversight of activities aligned to command priorities

Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies

Perform phishing assessments

Perform vulnerability risk assessment

Participate in the testing phase of security controls assessments using specialized knowledge of network protocols, operating systems, architectures, equipment, services, and standards

Conduct comprehensive, black-box penetration testing of web applications to identify critical vulnerabilities such as SQL injection, XSS, CSRF, XXE, deserialization attacks, RCE, etc. Utilize a bug bounty-style approach to independently enumerate and assess targets, simulating real-world attack scenarios

Analyze application architecture and source code (when available) to uncover deeper, logic-based or systemic vulnerabilities

Document and communicate findings with clear risk assessments, reproduction steps, and actionable remediation recommendations

Stay up to date with evolving web technologies, threat trends, and security tools to ensure cutting-edge testing practices

Qualification

Penetration testingRed team exercisesVulnerability assessmentWeb application testingNetwork mappingOSCP certificationScripting skillsOffensive security toolsOSINT gatheringCommunicationTeam leadershipMentoring skillsCollaborationIndependent work

Required

2 years leadership experience directly leading a team

Minimum 2 years of independently conducting every phase of a red team exercise on their own without guidance or supervision

Minimum 2 years mentoring junior and mid-level operators on red team tradecraft and Advanced Knowledge Requirements (that they possess)

Minimum 2 years of hands-on experience in network mapping, vulnerability scanning, and penetration and web application testing using software frameworks (including but not limited to: Cobalt Strike, Kali, burpsuite, etc.) to meet operational requirements

Strong communication skills for interfacing with clients and documenting findings

Demonstrated experience working both collaboratively and independently with minimal supervision

Script writing and crafting of payloads that bypass A/V and EDR solutions for use in various phases of a red team exercise

In-depth Experience pen testing on internal and external networks

Minimum 5 years of hands-on web application penetration testing experience, with a strong preference for OSCP or equivalent hands-on certifications (e.g. CBBH, CWEE, OSWA, OSWE, GWAPT)

Experience developing actionable intelligence based on open source intelligence (OSINT) gathering

Experience building offensive capabilities or tools to enhance operations with programming languages such as, but not limited to, Python, Bash, terraform, ansible, etc

Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON)

Advanced knowledge of manual testing techniques and automated tools (e.g., Burp Suite, OWASP ZAP) to assess application security

Familiarity with FISMA and NIST 800-series frameworks; experienced in applying formal testing protocols and methodologies to assess networks, web apps, and cloud environments

CRTO certification required (or ability to obtain within 90 days of start date)

Willing and able to travel as needed. Up to 50% during periods of high workload