Senior Cyber Security Engineer​/CSET Security Clearance

Position: Senior Cyber Security Engineer / CSET with Security Clearance
Description
* supporting offensive security/red team/adversarial emulation testing
* executing red team engagements in a variety of networks using real-world adversarial tactics, techniques, and procedures (ttps) from conception to report delivery
* developing comprehensive security testing strategies and programs across ncrc-u to provide assurance that security controls are designed and operating effectively
* developing innovative accelerators, tools, mechanisms, and processes to enhance the security team's velocity and scale to customer needs
* facilitating multiple stakeholders to agree on appropriate solutions and verifying that risks are mitigated appropriately
* demonstrating creativity, insight, intellectual flexibility, and sound business judgment throughout the process
* working independently but collaborate with cross-functional to provide security engineering consulting and control design recommendations to reduce risk
* conducting open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, install persistence in a target network(s), and manage c2 infrastructure
* systematically analyzing each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering
* developing payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
* safely utilize attacker tools, tactics, and procedures when in sensitive environments/devices
* evading edr devices such as windows defender and carbon black to avoid detection by defenders/behavioral based alerting in order to further the engagement objectives
* demonstrating expertise in one of the following: active directory, software development, incident response, or cloud infrastructure
* carefully document and log all exploitation activities
* continually exercise situational awareness in order quickly identify any instances of cohabitation
* documenting identified vulnerabilities and researching corrective/remediation actions in order to recommend a risk mitigation technique(s)
* demonstrating new vulnerabilities and assist network defenders (blue team) with the refinement of detection capabilities
* maintaining knowledge of applicable red team policies, standing ground rules, regulations, and compliance documents
* communicating effectively with team members and during an engagement
* ability to think unconventionally in order to develop adversarial ttps
* keeping current with ttps and the latest offensive security techniques [#li-dh1] requirements
* bachelor's degree with a focus in computer science, computer information systems, engineering, mathematics, management information systems, cybersecurity, cyber operations, or a related discipline with corresponding experience and demonstrated mastery of relevant computer science topics
* 5+ years of cyber adversarial emulation experience, to include penetration testing of modern windows and linux operating systems, ip-based networks and protocols, 802.11 networks, and/or web applications, hardware hacking, software defined networks/rf
* 10+ years of experience in leading complex and technically diverse teams of cyber professionals (software developers, system administrators, penetration testers, incident responders, etc.)
* intermediate knowledge of known advanced persistent threat (apt) actor techniques, tactics, and procedures (ttps), to include familiarity with terminology from mitre att&ck® used to describe ttps used in cyber attacks
* intermediate knowledge of techniques and tools used for exploit development of common operating systems, software debugging, and application fuzzing
* intermediate knowledge of tools and techniques used for incident response, reverse engineering, and digital forensics
* superior oral communication skills, including the ability to project confidence and enthusiasm, in the following core areas: formal presentations; soliciting goals and requirements from range users; explaining adversarial emulation in the context of testing and training…