ClearanceJobs
Senior Cyber Security Engineer / CSET Team
ClearanceJobs, Patuxent River, Maryland, United States, 20670
Security Team Engagement Specialist
Performing as a member of the CSET Team, providing guidance and subject matter expertise to government personnel. Supporting offensive security/red team/adversarial emulation testing. Executing Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery. Developing comprehensive security testing strategies and programs to provide assurance that security controls are designed and operating effectively. Developing innovative accelerators, tools, mechanisms, and processes to enhance the security team's velocity and scale to customer needs. Facilitating multiple stakeholders to agree on appropriate solutions and verifying that risks are mitigated appropriately. Working independently while collaborating with cross-functional teams to provide security engineering consulting and control design recommendations to reduce risk. Conducting open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, and lateral movement; installing persistence in target network(s); and managing C2 infrastructure. Systematically analyzing each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering. Developing payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement. Safely utilizing attacker tools, tactics, and procedures when in sensitive environments/devices. Evading EDR devices such as Windows Defender and Carbon Black to avoid detection by Defenders/behavioral-based alerting in order to further the engagement objectives. Demonstrating expertise in one of the following: Active Directory, Software Development, Incident Response, or Cloud Infrastructure. Carefully documenting and logging all exploitation activities.
Continually exercising situational awareness in order to quickly identify any instances of cohabitation. Documenting identified vulnerabilities and researching corrective/remediation actions in order to recommend risk mitigation technique(s). Demonstrating new vulnerabilities and assisting Network Defenders (Blue Team) with the refinement of detection capabilities. Maintaining knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents. Communicating effectively with team members, especially during an engagement. Thinking unconventionally in order to develop adversarial TTPs. Keeping current with TTPs and the latest offensive security techniques.