Red Team Operator (Lvl III)

System High Corporation delivers the most advanced protection and secrecy solutions to secure and strengthen critical missions, programs, operations, and intelligence activities. We are seeking a Red Team Operator to join our team to help contribute to our success and help us solve problems with innovation through intelligence.

As a senior member of the Red Team, you will be responsible to lead in the design and execution of adversarial based security testing of various targets. Successful candidates must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real world attack strategies. Will provide leadership and guidance to advance the operational capabilities of the team and its subsequent ability to evaluate risk to the enterprise.

• Demonstrate an ability to structure a Red Team and optimize it for execution, including programmatic improvements to fill in gaps with the existing team.
• Perform and lead a full scope of Red Team testing; including network penetration, web application testing, threat analysis, wireless network assessments, social-engineering testing, and IDS/IPS/Antivirus evasion techniques.
• Utilize knowledge of operating systems, networking protocols, firewalls, databases, firmware, middleware, applications, forensic analysis, scripting, and programming to perform adversarial based security engagements.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Mentor and lead junior technical operators and clearly translate highly technical information to senior management in a way that supports mission goals.
• Help define the Red Team strategy to further enhance the organization's security posture.
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
• Provide risk-appropriate and pragmatic recommendations to correct vulnerabilities found.
• Configure and safely utilize attacker tools, tactics, and procedures to improve the security posture of mission systems.
• Develop scripts, tools, or methodologies to enhance the Red Team processes.

Required:

• High School Diploma/GED and 15 years of work experience or Associate's Degree and 12 years of work experience or Bachelor's Degree and 8 years of work experience or Master's Degree and 5 years of work experience.
• Experience in network penetration testing and manipulation of network infrastructure.
• Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.
• Experience developing, extending, or modifying exploits, shellcode or exploit tools.
• Experience with Red, Blue, or Purple teaming exercises.
• Working knowledge of exfiltration and lateral movement tradecraft.
• Working knowledge of OSINT collection/ reconnaissance techniques for target selection.
• Strong attention to detail with analytical and problem-solving skills.
• Knowledge of tools used for web application and network security testing, such as Kali Linux, Metasploit, Burp suite, Cobalt Strike, Bloodhound, Powershell Empire, Nessus, Web Inspect, NMAP, Nikto, Sqlmap, etc.
• 8570 Level 3 IAT certification.

Desired:

• A degree in a technical field (Computer Science, IT Engineering, etc).
• Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.
• Experience with source code review for control flow and security flaws.
• An implementation level familiarity with all common classes of modern exploitation such as: XSS, XMLi, SQLi, Deserialization Attacks, etc.
• Thorough understanding of network protocols, data on the wire, and covert channels.
• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell.
• Experience in mobile and/or web application assessments.
• Experience in email, phone, or physical social-engineering assessments.
• Programming skills as well as the ability to read and assess applications written in multiple languages, such as JAVA, .NET, C#, or others.
• Emulate ransomware and advanced persistent threats (APT) in support of Threat Hunt.
• Industry certifications such as OSCP/OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN.

Additional Information

• This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description.
• In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

• System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.

• System High values the power and strength of diverse backgrounds on the culture and performance of our company. We strive to maintain an inclusive culture to encourage each employee to bring their whole self to the mission.
• System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.
• Equal opportunity legal notices can be viewed on the following PDF's: EEO is the Law; EEO is the Law Supplement; Pay Transparency Nondiscrimination

Warning: Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a systemhigh.com or msg.paycomonline.com email address.