SRC is currently seeking a Level 4 Security Certification and Assessor Test Evaluator (SCATE) to support one of our customers in the Chantilly, VA. Area.

As a senior member of the Red Team, you will be responsible to lead in the design and execution of adversarial based security testing of various targets. Successful candidates must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real world attack strategies. Will provide leadership and guidance to advance the operational capabilities of the team and its subsequent ability to evaluate risk to the enterprise.

SRC, Inc., a not-for-profit research and development company, combines information, science, technology and ingenuity across our family of companies to deliver innovative, advanced defense solutions and products that are redefining possible®. Since 1957, our commitment to the customer and the best solution – not the bottom line – has remained a core value that guides our efforts. This passion for quality carries through to the technologies we invent and manufacture, the laboratories and facilities we build, the people we hire, and the communities we support.

At SRC, we provide you the freedom and the resources to solve “impossible” problems in a collaborative work environment that integrates research, development and manufacturing. We strive to proactively identify and eliminate barriers that prevent our employees’ full participation and are committed to ensuring an inclusive and equitable workplace for all our employees. When you join our team, you’ll be a part of something truly meaningful. You’ll join more than 1,300 engineers, scientists and professionals — with 20 percent of those employees having served in the military — helping to keep America and its allies safe and strong.

In return, you’ll enjoy an inclusive work environment, receive a competitive salary, and experience a comprehensive benefits package that includes four or more weeks of paid time off to start, 10 percent of an employee’s compensation contributed toward retirement, and 100 percent tuition support.

Responsibilities:

Responsibilities include, but are not limited to

• Demonstrate an ability to structure a Red Team and optimize it for execution, including programmatic improvements to fill in gaps with the existing team.
• Perform and lead a full scope of Red Team testing; including network penetration, web application testing, threat analysis, wireless network assessments, social-engineering testing, and IDS/IPS/Antivirus evasion techniques.
• Utilize knowledge of operating systems, networking protocols, firewalls, databases, firmware, middleware, applications, forensic analysis, scripting, and programming to perform adversarial based security engagements.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Mentor and lead junior technical operators and clearly translate highly technical information to senior management in a way that supports mission goals.
• Help define the Red Team strategy to further enhance the organization’s security posture.
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
• Provide risk-appropriate and pragmatic recommendations to correct vulnerabilities found.
• Configure and safely utilize attacker tools, tactics, and procedures to improve the security posture of mission systems.
• Develop scripts, tools, or methodologies to enhance the Red Team processes.

Position Requirements:

• Bachelor's Degree and 15 years of work experience or Master’s Degree and 10 years of work experience.
• TS/SCI with CI Polygraph security clearance required
• Experience in network penetration testing and manipulation of network infrastructure.
• Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.
• Experience developing, extending, or modifying exploits, shellcode or exploit tools.
• Experience with Red, Blue, or Purple teaming exercises.
• Working knowledge of exfiltration and lateral movement tradecraft.
• Working knowledge of OSINT collection/ reconnaissance techniques for target selection.
• Strong attention to detail with analytical and problem-solving skills.
• Knowledge of tools used for web application and network security testing, such as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Bloodhound, Powershell Empire, Nessus, Web Inspect, NMAP, Nikto, Sqlmap, etc.
• 8570 Level 3 IAT certification.

Desired:

• A degree in a technical field (Computer Science, IT Engineering, etc.).
• Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.
• Experience with source code review for control flow and security flaws.
• An implementation level familiarity with all common classes of modern exploitation such as: XSS, XMLi, SQLi, Deserialization Attacks, etc.
• Thorough understanding of network protocols, data on the wire, and covert channels.
• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell.
• Experience in mobile and/or web application assessments.
• Experience in email, phone, or physical social-engineering assessments.
• Programming skills as well as the ability to read and assess applications written in multiple languages, such as JAVA, .NET, C#, or others.
• Emulate ransomware and advanced persistent threats (APT) in support of Threat Hunt.
• Industry certifications such as OSCP/OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN.

Security Requirements

• An active Top Secret/SCI security clearance and current CI investigation are required.