Red Team Cyber Security Engineer IV - Arcfield
Charleston, SC 29401
About the Job
Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.
Responsibilities:
Position Summary:
The Red Team Cyber Security Engineer IV is responsible for providing support for cybersecurity assessment and accreditation activities for the Navy’s National Warfare Red Team (NWRT). The engineer will be responsible for conducting simulated attacks, assessing security measures, and working closely with security teams to remediate identified issues. The ideal candidate is a problem-solver with strong technical skills, a deep understanding of cybersecurity principles, and a passion for ethical hacking. The Offensive Cyber Computer Engineer will support the NWRT in conducting Red Team operations, managing infrastructure, and developing custom cybersecurity tools to support red team operations.
Key Responsibilities:
1. Red Team Assessment Operations Support:
- Support security assessment efforts for the NWRT, utilizing expertise in all DoD Cyber Red Team capabilities such as Remote and Local Cyber Operations, User-Driven Attacks, Long Term Persistence Missions, Active/Passive Wireless Assessments, and Close Access Enabling Cyber (CAEC) activities.
- Execute Operational Vulnerability Assessments (OVA), Acquisition Penetration Assessments (APA), and Cyber Opposing Force (OPFOR) Aggressors Exercises following the United States Cyber Command Standing Ground Rules (SGR).
- Conduct adversarial cybersecurity Developmental and Operational Test and Evaluation (DOT&E) events, penetration tests, and support NWRT assessment methodologies.
- Develop and maintain Tactics, Techniques, and Procedures (TTPs) for network penetration, data exfiltration, CAEC, phishing campaigns, and malware development.
2. Red Team Certification and Accreditation Support:
- Support the maintenance and updating of the Red Team’s DoD Cyber Red Team accreditation, including developing and tailoring documentation packages such as CONOPS, System Security Plans (SSPs), Standard Operating Procedures (SOPs), and report templates.
- Conduct self-assessments against Red Team evaluation scoring metrics (ESMs) and governing policies to ensure compliance and readiness for accreditation evaluations.
- Build and maintain curriculum, courseware, laboratory environments, and study aids to support DoD Red Team certification, accreditation, and self-assessment activities.
3. Infrastructure Support:
- Develop, monitor, and maintain the NWRT’s infrastructure for assessment operations and administration, including cloud computing environments and Gold Disk images for various operating systems.
- Support the implementation of the Risk Management Framework (RMF) process for systems or hosting environments, ensuring compliance with DoD and Navy cybersecurity policies and guidelines.
4. Cybersecurity Tool Development:
- Support software development activities to create and maintain cybersecurity tools and infrastructure components that enable NWRT operations, from offensive operations to administrative tasks.
- Ensure tools are interoperable with developed management systems and provide user guides and training for new tools.
5. Program Management Support:
- Serve as the central point of contact, working closely with government project managers to support continuous process improvement through data collection, analysis, and recommendations.
- Manage human resources, including recruiting, hiring, and overseeing personnel to ensure task order performance meets all government requirements within cost and schedule constraints.
Qualifications:
- Bachelor’s degree in Computer, Electrical or Electronics Engineering or Mathematics with field of concentration in computer science.
- 10 years’ experience in Cyber Security with MS
- 14 years’ experience in Cyber Security with BS
- 5 years’ experience specializing in Red Team Operations
- DoD IAT II certification (e.g., Security+ CE, CASP, CISSP, etc.)
- Individual shall have relevant professional certifications in one of the following:
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Exploitation Expert (OSEE)
- Offensive Security Exploit Developer (OSED)
- Offensive Security Experienced Pentester (OSEP)
- Offensive Security Wireless Professional (OSWP)
- Offensive Security Web Expert (OSWE)
- Hack The Box Certified Penetration Testing Specialist (HTB CPTS)
- Hack The Box Certified Bug Bounty Hunter (HTB CBBH)
- Certified Red Team Operator (CRTO) from Zero Point Security
- Certified Red Team Lead (CRTL) from Zero Point Security
- Practical Network Penetration Tester (PNPT)
- GIAC Red Team Professional (GRTP)
- GIAC Experienced Penetration Tester (GX-PT)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- Must POSSESS and be able to maintain a TS/SCI clearance
Preferred Qualifications:
- Master’s degree in Computer, Electrical or Electronics Engineering or Mathematics with field of concentration in computer science.
- Experience in leading an NSA-accredited DoD Red Team.
EEO
Arcfield proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active-Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.