Security Classification Assessor Test Engineer III (Government)
Company: Regular
Location: Chantilly
Posted on: January 24, 2023
Job Description:
AT&T Global Public Sector is a trusted provider of secure,
IP enabled, cloud-based, network solutions and professional
services to the -Federal Government. - - We are dedicated to
recruiting, developing and empowering a diverse, high-performing
workforce that is passionate about what they do, committed to our
shared values and dedicated to our customers' mission Our National
Security Team supports the intelligence community, providing,
operating and assuring critical voice, video and collaboration
services for the full spectrum of operations. -The services
required by this contract will assist OS&CI in providing the
NRO a secure mission environment. The contractor shall provide
realistic, innovative information security solutions to accomplish
the requirements in addition to program management. The services
obtained under this contract shall provide expertise to support
information systems security, security control assessments,
information assurance engineering, and security control assessments
test engineering. AT&T has an opening for an Security
Classification Assessor Test Engineer (SCATE 3) to -support the
Defense and Nat Security Cyber Security. The job duties of the
SCATE 3 are as follows:
As a senior member of a Red Team Lead
in the design and execution of adversarial based security testing
of various targets. Evaluating environments, applications, systems
or processes to discover weaknesses, and subsequently leverage
those discoveries into actionable real-world attack strategies.
Provide leadership and guidance to advance the operational
capabilities of the team and its subsequent ability to evaluate
risk to the enterprise Demonstrate an ability to structure a Red
Team and optimize it for execution, including programmatic
improvements to fill in gaps with the existing team. Perform and
lead a full scope of Red Team testing; including network
penetration, web application testing, threat analysis, wireless
network assessments, social-engineering testing, and
IDS/IPS/Antivirus evasion techniques. Utilize knowledge of
operating systems, networking protocols, firewalls, databases,
firmware, middleware, applications, forensic analysis, scripting,
and programming to perform adversarial based security engagements.
Develop comprehensive and accurate reports and presentations for
both technical and executive audiences. Mentor and lead junior
technical operators and clearly translate highly technical
information to senior management in a way that supports mission
goals. Help define the Red Team strategy to further enhance the
organization's security posture. Effectively communicate findings
and strategy to client stakeholders including technical staff,
executive leadership, and legal counsel. Provide risk-appropriate
and pragmatic recommendations to correct vulnerabilities found.
Configure and safely utilize attacker tools, tactics, and
procedures to improve the security posture of mission systems.
Develop scripts, tools, or methodologies to enhance the Red Team
processes. Required Clearance: TS/SCI with poly (#ts/sci)
(#polygraph) Required Qualifications: EXPERIENCE:
Experience in network penetration
testing and manipulation of network infrastructure. Experience in
shell scripting or automation of simple tasks using Perl, Python,
or Ruby. Experience developing, extending, or modifying exploits,
shellcode or exploit tools. Experience with Red, Blue, or Purple
teaming exercises. Working knowledge of exfiltration and lateral
movement tradecraft. Working knowledge of OSINT collection/
reconnaissance techniques for target selection. Strong attention to
detail with analytical and problem-solving skills. Knowledge of
tools used for web application and network security testing, such
as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Bloodhound,
Powershell Empire, Nessus, Web Inspect, NMAP, Nikto, Sqlmap, etc.
EDUCATION:
High School/GED/Associates AND 15
Years' Experience Associates Degree AND 12 Years' Experience
Bachelor's Degree AND 8 Years' Experience OR Master's Degree AND 5
Years' Experience CERTIFICATION: Must meet minimum requirements for
DoD 8570 IAT Level III to include ONE of the following:
CASP+ CE CCNP Security CISA CISSP (or
Associate) GCED GCIH CCSP Desired Qualifications:
A degree in a technical field
(Computer Science, IT Engineering, etc). Solid understanding of
common hosting environments such as containerization platforms
(e.g., Docker and Kubernetes) and virtual machines running under
hypervisors. Experience with source code review for control flow
and security flaws. An implementation level familiarity with all
common classes of modern exploitation such as: XSS, XMLi, SQLi,
Deserialization Attacks, etc. Thorough understanding of network
protocols, data on the wire, and covert channels. Mastery of
Unix/Linux/Mac/Windows operating systems, including bash and
Powershell. Experience in mobile and/or web application
assessments. Experience in email, phone, or physical
social-engineering assessments. Programming skills as well as the
ability to read and assess applications written in multiple
languages, such as JAVA, .NET, C#, or others. Emulate ransomware
and advanced persistent threats (APT) in support of Threat Hunt.
Industry certifications such as OSCP/OSCE, OSWE, GPEN, GCIH, GWAPT,
or GXPN. Ready to join our team? Apply Today! - - Our Security
Classification Assessor Test Engineer III earn between
$89,200K-180K yearly. Not to mention all the other amazing rewards
that working at AT&T offers. From health insurance to tuition
reimbursement and paid time off to discounts on products and
services just to name a few. There is a lot to be excited about
around here. Individual starting salary within this range may
depend on geography, experience, expertise, and
education/training.
Keywords: Regular, Chantilly , Security Classification Assessor Test Engineer III (Government), Engineering , Chantilly, Virginia
Didn't find what you're looking for? Search again!
Loading more jobs...
