May 29
Secret
Mid Level Career (5+ yrs experience)
No Traveling
IT - Security
Fort Belvoir, VA (On-Site/Office)
BreakPoint Labs is seeking Cyber Red Team Operators to support a Department of Defense client emulate potential nation-state peer adversary cyber reconnaissance, exploitation techniques, and attack capabilities against a targeted mission, system, network, component, or capability. Successful candidates will be passionate about offensive cyber operations and the technical disciplines involved in emulating sophisticated adversarial activity to demonstrate cyber risk-to-mission. This position will be on-site at Fort Belvoir, VA due to the nature of the classified work.
Responsibilities include:
- Plan and execute computer network operations against U.S. government organizations worldwide to strengthen information system security, identify intrusions and vulnerabilities, and recommend mitigation strategies.
- Maintain operational, technical, and authoritative situational awareness during threat emulation-based exploitation and operations.
- Perform advanced penetration tests against U.S. government organizations as required.
- Perform remote operations from Ft. Belvoir, VA, and/or travel to and perform operations on-site at various locations.
- Produce and present formal and informal reports, briefings, and perspectives on adversarial behavior and attacks against target systems, technologies, operations, and missions provided to customers, including DoD Senior Leaders.
- Write high-level technical reports and develop and present briefings documenting findings, concerns, trends, and implications for DoD officials and customers, enabling personnel to consider the most significant technical and high-level factors when committing DoD resources to mitigate identified vulnerabilities and threats to critical national assets, networks, and systems.
- Provide mentorship to other Cyber Red Team Members.
- Support the development of Cyber Red Team training modules, standard operating procedures, assessment planning, assessment reporting, white papers, briefs, and other technical documentation.
Experience:
- Offensive security or significant penetration testing experience
- Ability to communicate complex technical and programmatic information, often in the form of verbal and visual operational updates, situational awareness reports, and briefings
- Ability and willingness to complete client technical aptitude test to validate minimum technical proficiency level.
- DoD Cyber Team experience (desired, not required)
- Expertise in anti-virus evasion, EDR evasion, offensive infrastructure, phishing and social engineering campaigns, and/or penetration testing of critical infrastructure, networking, IoT, and wireless devices (desired, not required)
- Cyber Red Team professional certifications and training (desired, not required)
- Red Team Apprentice Course (RTAC)
- Red Team Journeyman Course (RTJC)
- Certified Red Team Operator (CRTO) certification
- Offensive Security Certified Professional (OSCP)
- Rogue Ops- Red Team 1 (ROPS)
- GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAP)
Required Certifications:
Must hold one of the following DoD 8140/8570 IAT Level III certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Enterprise Defender (GCED)
- CompTIA Advanced Security Practitioner (CASP)
Security Clearance: Ability to obtain a DoD TS/SCI
Responsibilities include:
- Plan and execute computer network operations against U.S. government organizations worldwide to strengthen information system security, identify intrusions and vulnerabilities, and recommend mitigation strategies.
- Maintain operational, technical, and authoritative situational awareness during threat emulation-based exploitation and operations.
- Perform advanced penetration tests against U.S. government organizations as required.
- Perform remote operations from Ft. Belvoir, VA, and/or travel to and perform operations on-site at various locations.
- Produce and present formal and informal reports, briefings, and perspectives on adversarial behavior and attacks against target systems, technologies, operations, and missions provided to customers, including DoD Senior Leaders.
- Write high-level technical reports and develop and present briefings documenting findings, concerns, trends, and implications for DoD officials and customers, enabling personnel to consider the most significant technical and high-level factors when committing DoD resources to mitigate identified vulnerabilities and threats to critical national assets, networks, and systems.
- Provide mentorship to other Cyber Red Team Members.
- Support the development of Cyber Red Team training modules, standard operating procedures, assessment planning, assessment reporting, white papers, briefs, and other technical documentation.
Experience:
- Offensive security or significant penetration testing experience
- Ability to communicate complex technical and programmatic information, often in the form of verbal and visual operational updates, situational awareness reports, and briefings
- Ability and willingness to complete client technical aptitude test to validate minimum technical proficiency level.
- DoD Cyber Team experience (desired, not required)
- Expertise in anti-virus evasion, EDR evasion, offensive infrastructure, phishing and social engineering campaigns, and/or penetration testing of critical infrastructure, networking, IoT, and wireless devices (desired, not required)
- Cyber Red Team professional certifications and training (desired, not required)
- Red Team Apprentice Course (RTAC)
- Red Team Journeyman Course (RTJC)
- Certified Red Team Operator (CRTO) certification
- Offensive Security Certified Professional (OSCP)
- Rogue Ops- Red Team 1 (ROPS)
- GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAP)
Required Certifications:
Must hold one of the following DoD 8140/8570 IAT Level III certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Enterprise Defender (GCED)
- CompTIA Advanced Security Practitioner (CASP)
Security Clearance: Ability to obtain a DoD TS/SCI
group id: 90987816
