Cybersecurity Exploit Developer

TITLE: Cybersecurity Exploit Developer

LOCATION: Suffolk/Norfolk, VA

CLEARANCE REQUIRED: Eligible to obtain and maintain a DoD Secret Clearance

EMPLOYMENT TYPE: Full-time, On-site

POSITION SUMMARY

As part of an industry leading cyber defense assessment team, develop and create tools and means to demonstrate penetration and exploitation techniques of computer networks. Operationalize tool capabilities to defeat current and emerging exploit mitigation techniques, bypass or evade defensive tools and maintain a covert presence within a network. Responsible for ensuring end-to-end functionality of the tools and making sure they are robust and ready for training and exercise support.

RESPONSIBILITIES (not limited to):

• Analyze and extrapolate from the latest Cyber threat intelligence new and evolving attack techniques.

• Develop tools to emulate effects of cyber-attacks for training.

• Develop usable exploits and implants.

• Design and develop remote access capabilities to use during training exercises and tests.

• Design and develop obscured communication and control channels.

• Conduct end-to-end testing of attack tools to ensure intended functionality while evading defensive tools.

• Collaborate with a team of experienced developers to create usable and robust attack tools.

• Collaborate across Cybersecurity professionals and similar teams to prioritize the development for the systems of interest.

• Exploit common vulnerabilities and misconfigurations associated with common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.)

• Target and analyze Windows and Active Directory environments.

REQUIRED SKILLS AND QUALIFICATIONS

• Eligible to obtain and maintain an active Department of Defense (DoD) Secret clearance is required.

• 5+ years' experience in exploit development, reverse engineering, red team capabilities and engineering.

• Knowledge of development programming languages (e.g., Python, C (+variants), .Net).

• Penetration Testing (PENTEST) of Enterprise Level Command & Control (C2) systems.

• Knowledge of Web Server configurations (e.g., Apache HTTP Server, Apache Tomcat, Microsoft IIS.)

• Planning and execution experience with technical cyber assessments or penetration tests.

• Experience performing code testing and peer-review to identify potential issues.

• Experience with developing and using testing methodology for cloud-based and networked systems.

• Experience modifying, testing and use of computer network attack and exploitation tools.

• General Information Security (INFOSEC) experience.

• Analysis experience of the exploitation of Windows Environments.

• Required Certifications:

• Certified Ethical Hacker (CEH) and Security + or higher

• Two of more technical certifications from the following list:

• Web Application Penetration Tester (WAPT)

• GIAC Web Application Penetration Tester (GWAPT)

• GIAC Penetration Tester (GPEN)

• Cisco Certified Network Associate (CCNA)

• Offensive Security Certified Professional (OSCP)

• CompTIA Penetration Testing (PenTest+)

PREFERRED SKILLS AND QUALIFICATIONS

• Willing and able to obtain a Top Secret clearance.

• Experience with examining various cyber threat TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into penetration tests or exercises.

• Ability to design, build, and implement software, Cyber assessment tools, information assurance products, or computer security applications, preferred.

• Experience with computer network or system design and implementation preferred.

• Employment contingent on customer acceptance of resume and qualifications.

• Knowledge of virtualization technology (VMWare, VirtualBox, etc.)

• Preferred Certifications:

• Offensive Security Certified Expert (OSCE)

• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

• U.S. Citizenship Required. The ability to obtain and maintain a U.S. security clearance is required. *

WHO WE ARE

EWA Warrior Services, LLC is a leading provider of innovative, cutting-edge services and solutions to the defense and aerospace sector. Our capabilities cover a wide range, including cyber defense, virtual and constructive test and evaluation (T&E), training and simulation, systems engineering and support, and software development. As a systems integrator and developer, we have over 45 years of experience designing, fabricating, maintaining, and sustaining complex instrumentation and threat simulation technologies for the T&E and Training communities on nearly every range within the U.S. Army Test and Evaluation Command and throughout the services. We leverage our experience in systems development, integration, and test and training range support; our drive for process driven quality and agility; and our commitment to open communication to ensure our team delivers products that support and further our customer's mission.