Penetration Tester / Threat Emulator (Washington)

Penetration Tester / Threat Emulator

At Agile Defense we know that action defines the outcome and new challenges require new solutions. That's why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next. Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility-leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation's vital interests.

This program supports a federal government organization's purple team ops, providing comprehensive Computer Network Defense and Offense, Incident Response, and Threat Emulation support through monitoring, analysis, and replication of potential threat activity targeting the enterprise. The Threat Emulation SME will perform activities related to assisting cyber security operations team members to advance organizational understanding over risks and potential exposures related to software, system, and network weaknesses using advanced security / pen testing and auditing methods. Advanced Cyber Threat Emulation members also engage with senior leadership to identify, report, and perform real-world threat activity simulation attacks, such as those used by our nation's adversaries, in order to train and measure the effectiveness of the people, processes, and technology used to defend Agency networks and systems. Analyzes for weaknesses in company systems. Devises tests and scenarios for various penetration tests. Documents results and communicates them to engineers and management. Provides recommendations for new technologies and system designs according to test results. Develops automated testing programs where possible and efficient.

Job Duties and Responsibilities :

• Research and remain up to date with emerging threats and Threat Emulation methodologies.
• Map Cyber Key Terrain and generate priority target lists.
• Engage in project meetings to gain knowledge of changes to the infrastructure and information sources that will aid the Threat Emulation Team.
• Conduct research on commercial and open-source tools that may address capability gaps in detecting and / or blocking malicious activity.
• Be familiar with development of attack vectors, system and infrastructure reconnaissance, collection of open-source intelligence, enumeration, and foot-printing of target networks and services.
• Conduct in-depth analysis of computer network and host data to determine threat patterns and unusual behaviors to identify potential TTPs employed by adversarial APTs and identify related APT activities and malware within operational networks and systems.
• Use TTPs to emulate real-world threats in order to train and measure the effectiveness of the people, processes, and technology used to defend environments.
• Engage with other Agency offices to gain access to various information sources in support of Threat Emulation activities.
• Review collected monitoring and defense information that will be used as inputs or indicators of abnormalities or malicious activity for threat simulation development.
• Generate threat intelligence indicators during emulation operations as part of research and apply and fine tune them across the enterprise network.
• Develop Python or other scripting language for malware creation and / or PowerShell customized scripts, payloads, and system backdoor emulations to simulate attacker behavior within various stages of attack activity, detection evasions, lateral movements, or exfiltration attempts.
• Utilize the Cyber Threat Framework (ODNI) and production of Threat Emulation findings in said format.
• Provide reporting for and brief all threat emulation successes at the completion of each approved emulation operation, which may include write-ups and evidence discovered.
• Provide recommendations on enhancing Threat Emulation capabilities.

Qualifications :

One or more certifications : GCIA, GCED, GCFE, GCTI, GNFA, GCIH, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI

Offensive Security Certified Professional - OSCP (optional but preferred), Certified Ethical Hacker - CEH (optional)

Education, Background, and Years of Experience : Typically has a bachelor degree, and 4-5 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required.

Additional Skills & Qualifications :

Threat Emulation SMEs must have at least 4-5 years of experience in incident detection, cyber defense, cyber intelligence analysis, and / or Penetration Testing.

Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, Electrical Engineering, or related field of study.

Active Top Secret Clearance and SCI Eligibility.

Strong analytical and technical skills in computer network defense operations.

Prior experience and ability with analyzing threat intelligence / information or providing cyber defense analytical capabilities to assist in proactive identification of threats, events, and incidents.

Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support efforts.

Strong logical / critical thinking abilities, especially analyzing vulnerability information and current adversarial TTPs and IOCs.

Strong proficiency Report writing - a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.

Excellent organizational and attention to detail in tracking activities as part of overall Security Operation workflows or projects.

Experience with the identification and implementation of defensive countermeasures or mitigating controls for deployment and implementation in the enterprise network environment.

Experience in mentoring and training analysts or Red Team members.

Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored])

Knowledge of general attack stages (e.g., foot-printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)

Knowledge of incident categories, incident responses, and timelines for responses.

Preferred Skills :

OSCP

Working Conditions :

Environmental Conditions :

General office environment. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.

Strength Demands :

Sedentary - 10 lbs. Maximum lifting, occasional lift / carry of small articles. Some occasional walking or standing may be required.

Physical Requirements :

Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel

Strengths :

Happy - Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.

Helpful - Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.

Honest - Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.

Humble - Be Grounded. Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.

Hungry - Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.

Hustle - Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.

Equal Opportunity Employer / Protected Veterans / Individuals with Disabilities