Red Team Developer

Overview

For two decades, Millennium Corporation has been operating on the leading edge of cybersecurity. Our elite team of more than 400 experts has an unparalleled record of performance supporting Red Team Operations, Defensive Cyber Operations, Software Engineering, and Technical Engineering. With the largest contingent of contracted Red Team operators in the DoD, we provide an unmatched level of threat intelligence and battle-tested experience for customers in both the DoD and federal civilian markets.

What We Believe

We believe that diversity is a fact, inclusion is a choice. At Millennium Corporation, we are inclusive. We celebrate multiple approaches and different points of view. We strongly believe that diversity drives innovation, and we are building a culture where differences are valued. We are always growing our programs and we offer tools to help our employees grow and manage their careers.

Millennium is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. Millennium promotes affirmative action for women, minorities, disabled persons, LGBTQ+ and veterans.

Responsibilities

Millennium Corporation is hiring a Red Team Developer in Huntsville, AL. An active Secret clearance with TS/SCI eligibility is required.

Our Red Teamers work closely with Blue Teams, local defenders, and project management teams to evaluate and enhance a customer's Zero Trust environment. More specifically, we accomplish the following:

• Threat Simulation: We simulate "real-world" attack scenarios to test if the Zero Trust architecture can prevent unauthorized access. This includes attempting lateral movement, privilege escalation, and bypassing IAM controls.
• Collaboration with Blue Teams: Working in a Purple Team capacity allows us to provide continuous feedback to Blue Teams, testing the effectiveness of detection mechanisms like SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), and SOAR (Security Orchestration, Automation, and Response) platforms in responding to security incidents.
• Gap Analysis: We identify areas where Zero Trust principles are not being enforced properly, such as over-privileged users, weak segmentation, or lack of proper monitoring and analytics
• Reporting and Recommendations: After testing, we provide a detailed report that highlights weaknesses and gives recommendations to improve Zero Trust posture, using metrics that are understandable for project managers and technical teams

Additional Responsibilities:

• Maintain proficiency of Red Team operations through occasional support and/or observations of Red Team events.
• Exploitation and vulnerability research, tool design and development (software/application/scripting/coding)
• Perform software development functions in support of the customer's Red Team mission to effectively portray opposition force Computer Network Attack, Computer Network Exploitation, and Computer Network Defense.
• Define requirements and develop software solutions to those requirements based on observed and supplied feedback from Red Team events.
• Support mission and training events by creating new technical and non-technical solutions using an interdisciplinary approach to actively, and passively expose and exploit information system vulnerabilities.
• Experience in using network protocol analyzers and sniffers, as well as the ability to decipher packet captures.
• Work effectively with management, staff, vendors, and external consultants

Qualifications

• Have an active Secret clearance and the ability to obtain TS/SCI clearance.
• Bachelor's degree from an accredited college or university in computer science, information systems, engineering, scientific or a mathematics-intensive discipline
• 5-8 years of practical experience
• Ability to program and script in C++, and C#
• Excellent independent (self-motivational, organizational, personal project management) skills
• Experience with network and security-related protocols
• Capable of conducting pen tests on applications, systems, and networks utilizing proven/formal processes and industry standards.
• In-depth understanding of emerging threats, vulnerabilities, and exploits
• Excellent problem-solving methodology, ability to break nebulous problems down into concrete tasks and execute those tasks to develop solutions
• CEH and CISSP certifications are desired, but not required

Business Development

• Assist with Business Development activities as required to support Millennium's strategic business objectives, which may include but not limited to participation in technical interviews, creation of technical documentation, general proposal writing support and proposal color reviews.

Physical Requirements

• Must be comfortable with prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 10-15 pounds at a time.

Travel Requirements

• Up to 15%