Basic Red Team Operator jobs in United States

GCA · 4 days ago

Basic Red Team Operator

GCA is a minority veteran-owned small business providing solutions to customer requirements in the intelligence and information technology industries. The Basic Red Team Operator supports OPTEVFOR Cyber Operational Test & Evaluation activities by conducting penetration testing and red team operations, contributing to test planning, execution, and post-test activities.

Information Technology & Services
No H1B; U.S. Citizen Only

Responsibilities

Become proficient in OPTEVFOR Cyber Test & Evaluation CONOPS, SOPs, policies, and guidance
Research and submit operational requirements for acquisition of cyber tools and equipment in accordance with the 01D tool approval process
Support development and execution of tactics, techniques, and procedures (TTPs) for penetration testing and red team operations
Participate in OPTEVFOR cyber test planning activities, including:
Conducting open-source research and reviewing system-under-test (SUT) documentation to understand mission, architecture, interfaces, and critical components
Identifying attack surfaces and potential threat vectors
Participating in checkpoint meetings
Supporting development of test objectives
Reviewing test plans to ensure objectives are feasible and executable
Participating in test planning site visits
Support preparation for cyber OT&E execution, including:
Participation in site pre-test coordination visits and delivery of test site in-briefs
Reviewing approved test plans
Adding relevant information and artifacts to the test library
Conducting focused research on SUTs and presenting findings to the red team
Preparing OPTEVFOR Red Team test assets and environments
Execute assigned cyber test events, including Cooperative Vulnerability Penetration Assessments, Adversarial Assessments, and Cyber Tabletops, in support of Operational Testing, Developmental Testing, risk reduction events, and other assigned events
Employ OPTEVFOR-provided and NAO-approved commercial and open-source cyber assessment tools, including but not limited to:
Core Impact, Nmap, Burp Suite, Metasploit, Nessus
Apply ethical hacking techniques to exploit discovered vulnerabilities and misconfigurations associated with:
Operating systems (Windows, Linux, Unix)
Network protocols and services (HTTP, FTP, DNS, PKI, HTTPS)
Execute assigned tasks independently with oversight from intermediate or advanced operators
Ensure all testing is conducted safely, in accordance with approved test plans and OPTEVFOR policies
Adhere to JFHQ-DoDIN deconfliction procedures
Verify accuracy and completeness of collected test data
Participate in the post-test iterative process, including development of deficiency and risk documentation
Document lessons learned and contribute to continuous improvement of red team operations
Participate in capture-the-flag events, cyber off-sites, red team huddles, and technical exchange meetings; develop required products and materials to support these activities
Attend OPTEVFOR-required meetings in support of OT&E activities
Analyze target operational architectures to identify access vectors
Conduct network reconnaissance, scouting, and vulnerability analysis
Perform on-net and off-net activities to control and exfiltrate data
Conduct open-source intelligence (OSINT) collection
Deploy and utilize exploitation tools (e.g., backdoors, sniffers)
Exploit network, security, and endpoint devices using approved methods
Facilitate access via physical or wireless means
Identify network strengths, weaknesses, and vulnerabilities
Translate customer requirements into operational actions
Interpreting vulnerability scan results
Extracting and analyzing packet capture data
Using remote command-line and GUI tools
Processing collected data for follow-on analysis
Verifying file integrity
Determining patch levels and identifying patch signatures

Qualification

Certified Ethical Hacker (CEH), Penetration Testing, Offensive Security Tools, Windows Operating System, Linux Operating System, Network Protocols, Open-source Intelligence (OSINT), Red Team Reporting, Data Analysis, Technical Communication

Required

Certified Ethical Hacker (CEH) certification or equivalent/higher offensive cybersecurity certification
Minimum of one (1) year of experience performing penetration testing, red teaming, and/or exploitation development
Proficiency in at least two operating systems, including Windows, Linux, or Unix variants
Proficiency with at least one offensive security tool, such as: Metasploit, Cobalt Strike, Core Impact
Ability to operate independently to conduct penetration testing or red team activities under guidance from senior or intermediate operators
Ability to independently generate red team reports and supporting documentation

Company

GCA is a veteran-owned small business providing solutions to customer requirements in every realm of the intelligence and information technology industries, including imagery/intelligence analysis, related systems engineering and administration, operations and maintenance, networking, and VTC services.

Funding

Current Stage
Early Stage

Leadership Team

Anthony Tannoya
Chief Executive Officer
Michael Dorr
Vice President & COO
Company data provided by crunchbase