Qualified candidate will conduct multiple-disciple penetration tests of global customer networks, rapid development of domain or problem-specific tools that leverage identified vulnerabilities, research on the latest exploitation techniques and threat vectors, and design and configuration of representative test environments. Candidate must support various training events, conferences, exercises, and demonstrations to ensure continued compliance with team member certification requirements to enhance technical capabilities, and to support authorized missions and test events. Less than 25% travel is required. Position is in support of the Department of the Navy’s Commander, Operational Test and Evaluation Force.
Specific Requirements/Job Description:
- Experience with at least one of the following scripting languages (PowerShell, Bash, Python, Ruby, Node.js
- Experience performing web application security assessments
- Experience with TCP/IP protocols as it relates to network security
- Experience with offensive tool sets including: Kali Linux, Metasploit, CobaltStrike, Intercepting Proxies, etc.
- Experience in using network protocol analyzers and sniffers, as well as ability to decipher packet captures
- Experience with multiple Operating Systems, including: Windows, Linux, and Real-Time Operating Systems
- Excellent independent (self-motivational, organizational, personal project management) skills
- Proven ability to work effectively with management, staff, vendors, and external consultants
- Ability to think outside the box and emulate adversarial approaches
- Capable of conducting penetration tests on applications, systems and network utilizing proven/formal processes and industry standards.
- Capable of managing multiple penetration test engagements, from cradle to grave, at the same time
- In depth understanding of emerging threats, vulnerabilities, and exploits
- Participate in development of test plans, execution of test events, and reporting
- Participate in development and documentation of new tactics, techniques, and procedures (TTPs) for system under test (SUT) and system of systems (SOS) analysis and testing
- Observe, collect, analyze, and document tests and test results