Penetration Tester / Threat Emulator jobs in United States

Agile Defense · 4 months ago

Penetration Tester / Threat Emulator

Agile Defense is committed to providing innovative solutions to support national missions through advanced technologies and elite minds. The Penetration Tester / Threat Emulator will assist cyber security operations by simulating real-world threats, conducting thorough analyses of systems, and providing recommendations to enhance security measures. This role involves collaborating with teams to improve understanding of risks and vulnerabilities while developing automated testing programs.

Industries: Information Services, Information Technology, Software

Growth Opportunities
No H1B sponsorship; Security Clearance Required

Responsibilities

Research and remain up to date with emerging threats and Threat Emulation methodologies
Map Cyber Key Terrain and generate priority target lists
Engage in project meetings to gain knowledge of changes to the infrastructure and information sources that will aid the Threat Emulation Team
Conduct research on commercial and open-source tools that may address capability gaps in detecting and/or blocking malicious activity
Be familiar with development of attack vectors, system and infrastructure reconnaissance, collection of open‐source intelligence, enumeration, and foot-printing of target networks and services
Conduct in-depth analysis of computer network and host data to determine threat patterns and unusual behaviors to identify potential TTPs employed by adversarial APTs and identify related APT activities and malware within operational networks and systems
Use TTPs to emulate real-world threats in order to train and measure the effectiveness of the people, processes, and technology used to defend environments
Engage with other Agency offices to gain access to various information sources in support of Threat Emulation activities
Review collected monitoring and defense information that will be used as inputs or indicators of abnormalities or malicious activity for threat simulation development
Generate threat intelligence indicators during emulation operations as part of research and apply and fine tune them across the enterprise network
Develop Python and PowerShell customized scripts, payloads, and system backdoor emulations to simulate attacker behavior within various stages of attack activity, detection evasions, lateral movements, or exfiltration attempts
Utilize the ODNI Cyber Threat Framework and produce Threat Emulation findings in that format
Provide reporting for and brief all threat emulation successes at the completion of each approved emulation operation, which may include write-ups and evidence discovered
Provide recommendations on enhancing Threat Emulation capabilities

Qualification

Penetration Testing, Threat Emulation, Incident Detection, Cyber Intelligence Analysis, Python, PowerShell, Analytical Skills, Technical Writing, Team Collaboration, Attention to Detail, Mentoring, Communication Skills

Required

One or more certifications: GCIA, GCED, GCFE, GCTI, GNFA, GCIH, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI
Typically has a bachelor's degree and 4-5 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required
Threat Emulation SMEs must have at least 4-5 years of experience in incident detection, cyber defense, cyber intelligence analysis, and/or Penetration Testing
Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, Electrical Engineering, or related field of study
Active Top Secret Clearance and SCI Eligibility
Strong analytical and technical skills in computer network defense operations
Prior experience and ability with analyzing threat intelligence/information or providing cyber defense analytical capabilities to assist in proactive identification of threats, events, and incidents
Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support efforts
Strong logical/critical thinking abilities, especially analyzing vulnerability information and current adversarial TTPs and IOCs
Strong proficiency in report writing (a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting), excellent verbal and written communication skills, and the ability to produce clear and thorough security incident reports and briefings
Excellent organizational skills and attention to detail in tracking activities as part of overall Security Operations workflows or projects
Experience with the identification and implementation of defensive countermeasures or mitigating controls for deployment and implementation in the enterprise network environment
Experience in mentoring and training analysts or Red Team members
Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored])
Knowledge of general attack stages (e.g., foot-printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
Knowledge of incident categories, incident responses, and timelines for responses

Preferred

Offensive Security Certified Professional - OSCP (optional but preferred)
Certified Ethical Hacker - CEH (optional)

Company

Agile Defense

Agile Defense is an information technology company located in Reston. It is a sub-organization of Agile-BOT.

Funding

Current Stage
Late Stage
Total Funding
unknown
Acquired: 2022-11-16

Leadership Team

Rick Wagner
Chief Executive Officer
Bill Luebke
Chief Financial Officer
Company data provided by crunchbase