Twenty

Associate Offensive Cyber Research Engineer

Twenty, Washington, District of Columbia, us, 20022

Twenty is seeking an innovative Associate Offensive Cyber Research Engineer with strong research skills, software development, and offensive cyber expertise for an in‑office position in its Arlington, VA office, to join our mission of defending democracies. In this role, you will develop and automate sophisticated attack paths, leverage machine‑speed data processing, and create tools that advance our cyber and electromagnetic capabilities. We’re looking for someone who combines practical development skills with a deep understanding of adversarial techniques gained through government/military Digital Network Exploitation Analysis (DNEA), Exploitation Analyst (EA) operations, penetration testing/red teaming, or threat hunting in a Security Operations Center (SOC) to help build the next generation of cyber technologies for the United States and its allies.

About The Company

At Twenty, we are taking on one of the most critical challenges of our time: defending democracies in the digital age. We develop revolutionary technologies that operate at the intersection of cyber and electromagnetic domains, where the speed and complexity of operations exceed human cognition. Our team delivers game‑changing outcomes that directly improve national security.

Role Details

Attack Path Development & Implementation

Design and implement sophisticated attack paths that emulate real‑world adversary behaviors and TTPs

Create modular, reusable components for common attack techniques and lateral movement methods

Develop custom tools and scripts to support attack path execution and validation

Data Analysis & Enrichment

Research and evaluate diverse data sources for enhancing attack path effectiveness

Implement data enrichment pipelines to augment existing datasets with threat intelligence

Automation & Tool Development

Automate common red team tools and techniques for scalable deployment

Develop custom extensions and modules for industry‑standard red team frameworks

Create efficient workflows for repetitive security testing procedures

Data Engineering & Processing

Design and implement parsers for various data formats including logs, network traffic, and threat feeds

Create ETL pipelines for processing security‑relevant data at scale

Develop standardized schemas for structured and unstructured security data

Build data validation and cleansing mechanisms

Implement efficient storage and retrieval systems for processed data

Qualifications

Technical Skills & Experience

4+ years of threat research and coding experience

Operational cyber security experience in one or more of the following domains:

Digital Network Exploitation Analysis (DNEA) within U.S. Government military or intelligence organizations

Exploitation Analyst (EA) operations conducting network exploitation and intelligence analysis

Penetration Testing/Red Teaming performing offensive security assessments and adversary emulation

Threat Hunting in a Security Operations Center (SOC) identifying and tracking sophisticated threats

Deep understanding of the MITRE ATT&CK framework with practical experience mapping and implementing common adversary TTPs

Proven experience operating industry‑standard threat emulation platforms and command & control frameworks, including development of custom payloads and modules

Track record of integrating and analyzing threat intelligence data sources to enhance detection and response capabilities

Demonstrated proficiency in implementing and detecting advanced persistence mechanisms, defense evasion techniques, and counter‑forensic methods

Strong containerization experience using Docker, including creating secure, production‑ready containers and managing multi‑container applications with Docker Compose

Advanced programming skills in Python and/or Golang, with emphasis on developing security tools and automation frameworks

Experience writing complex graph queries and traversals for analyzing relationships in large datasets, preferably with Neo4j or similar graph databases

Comprehensive knowledge of cybersecurity principles including network security, application security, and secure coding practices

Practical experience in offensive cyber operations, including payload development, post‑exploitation, and lateral movement techniques

Demonstrated expertise in red team methodologies, including campaign planning, OPSEC considerations, and adversary emulation based on real‑world threats

Education

Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field, or equivalent practical experience

Security Requirements

Must be eligible to obtain a U.S. Government security clearance

Distinguishing Qualifications

Previous experience in government cyber operations units or intelligence organizations conducting DNEA or EA operations

Experience with AI/ML integration in operational systems

Background in developing tools for cyber operators or security analysts

Experience with large‑scale data processing and analysis

Certifications such as OSCP, OSCE, GPEN, GXPN, or government‑recognised offensive security credentials

Experience with multi‑domain intelligence analysis correlating cyber, SIGINT, and other intelligence sources

Background in malware analysis, reverse engineering, or exploit development

Additional Skills

Experience with Agile development methodologies

System architecture and design experience

Performance optimisation and scalability experience

Open‑source contributions or personal projects demonstrating relevant skills

Experience with cloud security (AWS, Azure, GCP) and cloud‑native attack techniques

Knowledge of wireless security, IoT protocols, and electromagnetic spectrum operations

Familiarity with forensics tools and incident response procedures
