Required

• Technical Cybersecurity experience.
• Experience in penetration testing, computer network attack (CNA), and/or computer network defense (CND).
• Experience with basic scripting languages including bash and/or PowerShell.
• Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.).
• Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
• Knowledge of Windows, Unix, TCP/IP, IDS/IPS, and web content filtering.
• Demonstrated ability to:
  • Adhere to the highest standards of honesty and scientific and business integrity.
  • Think critically about complex problems and situations.
  • Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
  • Develop novel attack vectors based on newly discovered vulnerabilities.
  • Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND).
  • Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the Mitre Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
  • Go beyond automated and “push-button” attack tools and utilities.
• Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Responsibilities:

• Project-Based
  • Help develop and deliver test strategies for attacking and assessing complex and distributed systems.
  • Provide representative tactics, techniques, and procedures (TTPs) for opportunistic, advanced, and sophisticated attackers according to customer goals and objectives.
  • Prepare clear and concise situation reports and activity summaries for BLS customers and senior leadership.
  • Execute verification and validation testing for customer mitigations and fixes.
  • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
• Research and Development (R&D)
  • Attend and/or present at professional conferences and events.
  • Conduct independent research for:
  • The development of novel attack methods.
  • Discovering new and/or undisclosed vulnerabilities.

Contact

Apply Online