SIGN IN
Penetration Tester /Red Team jobs in United States
cer-icon
Apply on Employer Site
company-logo

Cyber Defense Technologies · 22 hours ago

Penetration Tester /Red Team

positionChantilly, Virginia
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
date10+ years exp
Cyber Defense Technologies is seeking an experienced Penetration Tester/Red Team Security Engineer to support a government customer in Chantilly, VA. The role involves leading adversarial based security testing, evaluating environments for weaknesses, and providing actionable strategies to enhance security posture.
Cyber SecurityInformation TechnologySecurity
check
Growth OpportunitiesbadNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Demonstrate an ability to structure a Red Team and optimize it for execution, including programmatic improvements to fill in gaps with the existing team
Perform and lead a full scope of Red Team testing; including network penetration, web application testing, threat analysis, wireless network assessments, social-engineering testing, and IDS/IPS/Antivirus evasion techniques
Utilize knowledge of operating systems, networking protocols, firewalls, databases, firmware, middleware, applications, forensic analysis, scripting, and programming to perform adversarial based security engagements
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Mentor and lead junior technical operators and clearly translate highly technical information to senior management in a way that supports mission goals
Help define the Red Team strategy to further enhance the organization’s security posture
Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Provide risk-appropriate and pragmatic recommendations to correct vulnerabilities found
Configure and safely utilize attacker tools, tactics, and procedures to improve the security posture of mission systems
Develop scripts, tools, or methodologies to enhance the Red Team processes

Qualification

OSCP certificationNetwork penetration testingRed Team exercisesWeb application security testingShell scriptingExploit developmentOSINT techniquesKali LinuxMetasploitNessusAnalytical skillsProblem-solving skillsCommunication skillsAttention to detail

Required

Bachelor's degree and 15 years of work experience or Master's Degree and 10 years of work experience
Experience in network penetration testing and manipulation of network infrastructure
Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby
Experience developing, extending, or modifying exploits, shellcode or exploit tools
Experience with Red, Blue, or Purple teaming exercises
Working knowledge of exfiltration and lateral movement tradecraft
Working knowledge of OSINT collection/ reconnaissance techniques for target selection
Strong attention to detail with analytical and problem-solving skills
Knowledge of tools used for web application and network security testing, such as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Bloodhound, Powershell Empire, Nessus, Web Inspect, NMAP, Nikto, Sqlmap, etc
8570 Level 3 IA certification
An active Top Secret/SCI or TS/SCI with CI Poly is required

Preferred

A degree in a technical field (Computer Science, IT Engineering, etc)
Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors
Experience with source code review for control flow and security flaws
An implementation level familiarity with all common classes of modern exploitation such as: XSS, XMLi, SQLi, Deserialization Attacks, etc
Thorough understanding of network protocols, data on the wire, and covert channels
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
Experience in mobile and/or web application assessments
Experience in email, phone, or physical social-engineering assessments
Programming skills as well as the ability to read and assess applications written in multiple languages, such as JAVA, .NET, C#, or others
Emulate ransomware and advanced persistent threats (APT) in support of Threat Hunt
Industry certifications such as OSCP/OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN

Company

Cyber Defense Technologies

twittertwittertwitter
company-logo
CDT is a Service Disabled Veteran Owned Small Business (SDVOSB) and cyber security firm that provides consulting and security services.
dateFounded in 2010
location
Reston, Virginia, USA
people-size11-50 employees
web-link
http://www.cyberdefensetechnologies.com

Funding

Current Stage
Early Stage

Leadership Team

leader-logo
William Kimble
Co-Founder and Chief Executive Officer
linkedin
leader-logo
James Wright
Co-Founder, President, and COO
linkedin

Recent News

PRNewswire
Milton Security and Cyber Defense Technologies Team Up for VETCON V at DEFCON 30
2022-07-07
Company data provided by crunchbase