Agile Defense, Inc.

Penetration Tester / Threat Emulator Job at Agile Defense, Inc. in Olympia

Agile Defense, Inc., Olympia, WA, US, 98502


Requisition #: 1141
Non-Employee Referral Bonus Eligible: $2,000

Penetration Tester / Threat Emulator
National Capital Region

Required Certification(s)
One or more certifications: GCIA, GCED, GCFE, GCTI, GNFA, GCIH, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI
Offensive Security Certified Professional - OSCP (Optional but Preferred), Certified Ethical Hacker - CEH (Optional)

SUMMARY
This program supports a federal government organization's "purple team" operations, providing comprehensive Computer Network Defense and Offense, Incident Response, and Threat Emulation support through monitoring, analysis, and replication of potential threat activity targeting the enterprise.

The Threat Emulation SME will assist cyber security operations team members in advancing organizational understanding of risks and potential exposures related to software, system, and network weaknesses, using advanced security/pen testing and auditing methods. Advanced Cyber Threat Emulation members also engage with senior leadership to identify, report, and perform real-world threat activity simulation attacks, such as those used by our nation's adversaries, in order to train and measure the effectiveness of the people, processes, and technology used to defend Agency networks and systems.

JOB DUTIES AND RESPONSIBILITIES
- Research and remain up to date with emerging threats and Threat Emulation methodologies.
- Map Cyber Key Terrain and generate priority target lists.
- Engage in project meetings to gain knowledge of changes to the infrastructure and information sources that will aid the Threat Emulation Team.
- Conduct research on commercial and open-source tools that may address capability gaps in detecting and/or blocking malicious activity.
- Be familiar with the development of attack vectors, system and infrastructure reconnaissance, collection of open-source intelligence, enumeration, and foot-printing of target networks and services.
- Conduct in-depth analysis of computer network and host data to determine threat patterns and unusual behaviors, identify potential TTPs employed by adversarial APTs, and identify related APT activities and malware within operational networks and systems.
- Use TTPs to emulate real-world threats in order to train and measure the effectiveness of the people, processes, and technology used to defend environments.
- Engage with other Agency offices to gain access to various information sources in support of Threat Emulation activities.
- Review collected monitoring and defense information that will be used as inputs or indicators of abnormalities or malicious activity for threat simulation development.
- Generate threat intelligence indicators during emulation operations as part of research, and apply and fine-tune them across the enterprise network.
- Develop Python (or other scripting language) code for malware creation and/or customized PowerShell scripts, payloads, and system backdoor emulations to simulate attacker behavior within various stages of attack activity, detection evasion, lateral movement, or exfiltration attempts.
- Utilize the Cyber Threat Framework (ODNI) and produce Threat Emulation findings in that format.
- Provide reporting for, and brief, all threat emulation successes at the completion of each approved emulation operation, which may include write-ups and evidence discovered.
- Provide recommendations on enhancing Threat Emulation capabilities.

QUALIFICATIONS
Education, Background, and Years of Experience
Typically has a bachelor's degree and 4-5 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required.

ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
- Threat Emulation SMEs must have at least 4-5 years of experience in incident detection, cyber defense, cyber intelligence analysis, and/or Penetration Testing.
- Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, Electrical Engineering, or a related field of study.
- Active Top Secret Clearance and SCI Eligibility.
- Strong analytical and technical skills in computer network defense operations.
- Prior experience and ability in analyzing threat intelligence/information or providing cyber defense analytical capabilities to assist in proactive identification of threats, events, and incidents.
- Ability to develop rules, filters, views, signatures, countermeasures, and operationally relevant applications and scripts to support efforts.
- Strong logical/critical thinking abilities, especially in analyzing vulnerability information and current adversarial TTPs and IOCs.
- Strong proficiency in report writing: a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting. Excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings.
- Excellent organization and attention to detail in tracking activities as part of overall Security Operations workflows or projects.
- Experience with the identification and implementation of defensive countermeasures or mitigating controls for deployment in the enterprise network environment.
- Experience in mentoring and training analysts or Red Team members.
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored]).
- Knowledge of general attack stages (e.g., foot-printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
- Knowledge of incident categories, incident responses, and timelines for responses.

Preferred Skills
- OSCP

WORKING CONDITIONS
Environmental Conditions
General office environment. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.

Strength Demands
Sedentary: 10 lbs. maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements
Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities