Senior Offensive Security Engineer
Description:
Job Responsibilities
•Threat Intelligence Research: lead the charge on analyzing cybersecurity attacks including RF against Software Defined Radios, trends, and methodologies using unclassified/classified Threat Intelligence. This includes working with government/academic/commercial researchers and institutions, operational technology research labs, commercial companies and public and private cybersecurity information sharing groups (e.g., ISACs) to research and investigate in more detail vulnerabilities including zero days and techniques that could impact critical national infrastructure, defense, and our networks. Collaborate with a cross-functional team of the engineering, data science, product management, product marketing, and senior leadership to enhance the company's detection and response capabilities.
•Active and hands-on participation in Red Team Exercises and Penetration Testing: employ simulated adversary threat-based approaches to expose and exploit vulnerabilities and weaknesses to improve the security of both ours and customer products and networks. Replicate tactics and techniques used by modern attackers, common network exploitation and penetration techniques as well as common software exploitation techniques. Develop attack plans to meet the specified objectives and coordinate with other Red Team Operators to achieve these goals. Provide constructive feedback to the defenders and product teams on their successes and failures. Make automation and security assessment tool development and implementation recommendation that assist with Red Team exercises and Penetration Testing.
Requirements
•Engineering, Physics, Mathematics, Computer Science Degree, or other technical degree
•Proficiency in PowerShell, Python, C, C#, Go or other to build and extend toolsets
•Experience with network security test tools and scanners ranging from nmap, Netsparker, Nessus, to Metasploit and Cobalt Strike
•Understanding of networking protocols with a preference for secure ones like SSH, HTTPS, TLS, IpSec, and others
•Familiarity with Digital Signal Processing and/or RF telecommunications with a preference for experience with SATCOM using GNU Radio or MatLab
•Understanding of security vulnerabilities and common software engineering flaws Infrastructure, product, and/or application level penetration or Red Team testing experience Knowledge of attacker lifecycles and defender strategies
•A desire for continued learning, research, and expansion of skillsets essential to the role
•A Subject Matter Expert for Red Team/Penetration Testing activities, technologies, and tools
•Must have the ability to maintain an "Aggressive, Outsider Mindset" to "Think like an Attacker"
•Experience with Linux/embedded Linux/RTOS
•Active Secret clearance
•Occasional Travel up to 10%
•US citizenship
Preferences
•Advanced offensive security certifications (i.e., OSCP/OSEP)
•SW engineering experience
•Developing custom exploits
•White box testing and exploitation analysis using source code analysis
•Black box testing and exploitation analysis using reverse engineering and protocol fuzzing
•Active TS/SCI clearance
•Experience with reverse engineering products and/or software
•Experience with satellite communications systems/terminals
•Experience with Software Defined Radio tools such as GNU Radio
•Experience with Operational Technology (OT) assessments
•Demonstrate proficiency in system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structure Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
•Excellent written and verbal communication skills with the ability to communicate at a technical and business user level