Intelligent Waves - Washington, DC

posted 20 days ago

Full-time - Mid Level
Washington, DC
Merchant Wholesalers, Durable Goods

About the position

The Intermediate Red Team Operator at Intelligent Waves LLC is responsible for conducting red team exercises to assess and enhance the security posture of production IT systems, facilities, and personnel for a critical Department of Justice customer. This role involves executing various penetration testing techniques, including spear phishing campaigns and physical penetration assessments, to identify vulnerabilities and improve security measures. The operator will utilize advanced tools and frameworks to simulate real-world attacks while adhering to established rules of engagement and standard operating procedures.

Responsibilities

  • Conduct red team exercises against production IT systems, facilities, and personnel belonging to the AO and the Courts.
  • Develop and conduct spear phishing campaigns to gain internal network access.
  • Conduct exploitation of external facing assets to gain internal network access.
  • Conduct post-exploitation actions towards exercise objectives.
  • Conduct on-site physical penetration assessments at various federal courthouses and other Court locations to obtain access to the internal network.
  • Use custom code and/or commercial-off-the-shelf (COTS) exploitation frameworks to bypass and penetrate network and system defenses.
  • Comply with the unique rules of engagement (ROE) provided for each exercise along with the standard operating procedures (SOP) for overall Red Team operations.
  • Employ red team tradecraft while conducting exercises.

Requirements

  • Minimum 4 years of direct, hands-on technical red team and/or government computer network exploitation/attack operations experience.
  • Minimum 4 years of hands-on experience using penetration testing and red teaming software frameworks (Cobalt Strike, Kali, etc.) in a production environment.
  • Minimum 4 years of experience with network technologies and protocols (OSI model, routing, building, and troubleshooting networks, etc.).
  • Minimum 4 years of experience with 'living off the land' TTPs and investigation thereof.
  • Ability to secure, configure, deploy, and troubleshoot popular operating systems (Windows, major *nix flavors, MacOS).
  • Minimum 4 years of experience in scripting and programming languages (Bash, C#, Ruby, Perl, Python, PHP, etc.).
  • Minimum 4 years of social engineering and physical security penetration testing.
  • Minimum 4 years of experience writing cybersecurity assessment reports.
  • CRTO certification (or ability to have CRTO within 3 months of onboarding) required.

Nice-to-haves

  • OSCP and/or GPEN certifications are preferred, but not required.

Benefits

  • Health insurance
  • Dental insurance
  • 401(k)
  • Paid time off
  • Vision insurance
  • 401(k) matching