Penetration Tester

Job Description
Tharros has an immediate opportunity to support the US Navy with operational test and evaluation support. The Penetration Tester will assist in the development of cyber test plans, execute cyber tests, and report cyber test results. In this role you will conduct cyber tests on operational systems, in laboratory environments, or in cyber range environments. Testing may be against physical, virtualized, or cloud-based systems. This position shall leverage all authorized resources and analytic techniques to penetrate/access targeted networks and systems under test in support of OPTEVFOR's cyber OT&E mission. Team member will perform these duties under the supervision of the 01D Cyber Operations Officer.

• Review and become proficient in OPTEVFOR cyber T&E concept of operations, SOPs, policies and guidance.
• Analyze target operational architecture for ways to gain access.
• Conduct network scouting and vulnerability analyses of systems within a network.
• Conduct on-net and off-net activities to control, and exfiltrate data from deployed, automated technologies.
• Conduct open-source data collection via various online tools.
• Conduct survey of computer and digital networks.
• Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers).
• Exploit network devices, security devices, and/or terminals or environments using various methods or tools.
• Facilitate access enabling by physical and/or wireless means.
• Identify points of strength and vulnerability within a network.

Requirements

• Minimum 1 year experience performing any combination of: penetration testing, red teaming, or exploitation development.
• Certified Ethical Hacker (CEH) or equivalent certification.
• Proficient in at least two operating systems, to include Windows, Linux, or Unix variants.
• Proficient in multiple offensive tools, including:
  
  • Metasploit, Cobalt Strike, Core Impact
• Independently operate to conduct penetration testing/red teaming to accomplish assigned test objectives.
• Independently generate red team report documents.
• Skill in determining installed patches on various operating systems and identifying patch signatures.
• Skill in extracting information from packet captures.
• Skill in identifying the devices that work at each level of protocol models.
• Skill in interpreting vulnerability scanner results to identify vulnerabilities.
• Skill in processing collected data for follow-on analysis.
• Skill in remote command line and graphical user interface tool usage.
• Skill in using tools, techniques, and procedures to exploit a target.
• Skill in verifying the integrity of all files.
• Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., Central Processing Unit (CPU), Network Interface Card (NIC), data storage).
• Knowledge of auditing and logging procedures (including server-based logging).
• Knowledge of basic programming concepts (e.g., levels, structures, compiled vs. interpreted languages).
• Knowledge of malware.
• Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
• Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
• Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.
• Knowledge of the basic structure, architecture, and design of modern communication networks.
• Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
• Knowledge of virtual machine technologies.
• Knowledge of collection management processes, capabilities, and limitations.
• Ability to interpret and translate customer requirements into operational action.
• Ability to perform network collection tactics, techniques, and procedures to include decryption capabilities/tools.
• Proficient in Microsoft Office Suite to include Teams or similar workplace chat and videoconferencing tools.
• Excellent written and verbal communication skills.

Summary
Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward.

In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.

Tharros. See Everything. Secure Anything.

Tharros is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer and make employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected status.