United States onlyQualifications:
- Certified Ethical Hacker (CEH), equivalent, or higher certification.
- Minimum 1 year of experience performing any combination of penetration testing, red teaming, or exploitation development.
- Proficient in at least two operating systems, to include Windows, Linux, or Unix variants.
- Proficient in at least one of the following offensive tools: Metasploit, Cobalt Strike, Core Impact
- Independently operate to conduct penetration testing/red teaming under the guidance of a senior or mid red team operator to accomplish assigned test objectives.
- Independently generate red team report documents.
Duties:
- Review and become proficient in OPTEVFOR Cyber T&E concept of operations, SOPs, policies and guidance
- Research and submit operational requirements for acquisition of equipment or cyber capabilities, following the 01D tool approval process.
- Support development and execution of TTPs for penetration testing or red teaming
- Participate in OPTEVFOR cyber test planning
- Conduct open-source research and system under test documentation review to familiarize with the system’s mission, architecture and interfaces including critical components to identify its attack surface and threat vectors
- Participate in check point meetings
- Guide development of test plan objectives
- Review test plans, ensuring that test plans objectives are feasible
- Participate in test planning site visits
- Participate in site pre-test coordination visits. Provide an in brief to the test site.
- Review test plans
- Add relevant information to test library
- Conduct research on SUTs and present findings to the red team prior to test
- Prepare OPTEV-RT test assets
- Execute test events, including Cooperative Vulnerability Penetration Assessments, Adversarial assessments, and Cyber Tabletops, in support of Operational Testing, Developmental Testing, risk reduction events, or other events, as assigned.
- Use OPTEVFOR provided and NAO approved commercial and open-source network cyber assessment tools (e.g. Core Impact, Nmap, Burp, Metasploit, and Nessus).
- Employee ethical hacking expertise to exploit discovered vulnerabilities and misconfigurations associated with but not limited to operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc) to accomplish test objectives
- Be able to accomplish tasking independently with direction provided by an intermediate or advanced operator
- Ensure test are conducted safely, in accordance with the test plan, and OPTEVFOR policies are adhered to.
- Follow JFHQ-DODIN deconfliction procedures
- Verify collected data for accuracy and completeness.
- Participate in the post-test iterative process, including generation of documents (e.g. deficiency/risk sheets)
- Document lessons learned.
- Participate in capture the flag events, cyber off sites, external engagements such as red team huddles and red team technical exchange meetings; develop required products and materials in support of these events
- Attend OPTEVFOR required meetings in support of OT&E.
