Red Team Penetration Tester (Virginia Beach, VA)

About the position

Peraton is seeking qualified individuals to join our team to provide engineering support for Cyber Situational Awareness (SA), Cyber Command and Control (C2), Mission Assurance, and Homeland Defense. This includes conducting Agile software engineering in a Development, Security, and Operations (DevSecOps) environment, performing Cloud architectural design, operation, and administration functions, and cyber security and Risk Management Framework (RMF) support. Also included are rapid design, development, test, deployment, maintenance and operation of specific software and hardware capabilities to meet current Cyber Defensive needs. The Naval Surface Warfare Center Dahlgren Division (NSWCDD) Dam Neck Activity's (DNA) work is focused on providing engineering, acquisition, logistical, and Cybersecurity (CS) support to the Navy, Marine Corps, Special Warfare Coalition, and Joint Forces for programs including but not limited to Common Total Ship Computing Environment (TSCE), Atlanta Weapon System (AtWS), NAVSEA Red Team, National Cyber Range Complex (NCRC), surface and sub training systems, and Risk Management Framework (RMF) Support for Explosive Ordinance Disposal (EOD). Are you ready to take your career to the next level while contributing to the defense of our nation? Peraton, a recognized leader in Cyber, Digital Transformation, Cloud, Operations, and Engineering, is seeking a skilled Red Team Penetration Tester to support a world-wide national intelligence program. This role plays a crucial part in delivering mission-critical technology solutions to the U.S. Intelligence Community, supporting operations that safeguard our nation's security. With the growing number of breaches of tactical and non-tactical computer systems, there is an increasing need to focus on the engineering aspects of CS. CS continues to be approached as compliance-based and this has not addressed significant shortcomings and vulnerabilities in the security of naval warfare systems and other service warfare systems. CS requirements must be included during the design, development, and sustainment phases of systems acquisition to ensure they are secure and Cyber-resilient throughout their Life-Cycle. Additionally, previously designed, and fielded systems must be evaluated on an engineering basis to determine potential changes to their design or supportability approaches. This is a fully on-site position at Dam Neck in Virginia Beach, VA.

Responsibilities

• Lead and execute complex penetration testing events and conduct offensive cybersecurity operations for the U.S. Government and DoD systems.
• Develop, modify, and utilize offensive security tools such as Metasploit, NMAP, Kali Linux, and Cobalt Strike.
• Mimic threat actor behavior using TTPs aligned with frameworks like MITRE ATT&CK.
• Conduct assessments across multiple operating systems including Linux, Windows, and macOS.
• Perform exploit development and identify zero-day or previously unknown vulnerabilities.
• Analyze, identify, and remediate gaps in offensive tools and development techniques.
• Perform development with at least two scripting or programming languages (Python, C++, Java, Rust, Assembly, C#, etc.) in support of exploit development.

Requirements

• Min 7 years with BS/BA or Min 5 years with MS/MA or Min 2 years with PhD.
• Four years of additional related experience may be considered in lieu of Bachelors.
• National Security Agency (NAC) Computer Network Operations Development Program (CNODP) Graduate.
• Must have CSSP Auditor certification.
• Must have prior Red Team full-time professional experience conducting penetration testing or offensive Cyber operations.
• Experience developing and utilizing penetration tools such as Metasploit, NMAP, Kali Linux, Cobalt Strike.
• Experience mimicking threat behavior.
• Experience utilizing various operating systems (Linux, Windows, MAC OS).
• Experience utilizing Active Directory.
• Experience performing exploit development.
• Experience identifying gaps in tools and development techniques.
• Experience performing development with at least two scripting or programming languages (python, C++, Java, Rust, Assembly, C#, etc.).
• Must possess Offensive Security Certified Professional (OSCP), or Offensive Security Certified Expert (OSCE), or Offensive Security Exploitation Expert (OSEE), or Offensive Security Wireless Professional (OSWP) certification.
• Active TS/SCI clearance.
• Current U.S. Passport or the ability to obtain prior to start.

Nice-to-haves

• Bachelor of Science in Information Systems, Information Technology, Computer Science, or Computer Engineering.
• Advanced Cyber Networking Certifications.
• Cisco Certified Network Professional (CCNP) certification.
• CCIE (Cisco Certified Internetwork Expert).
• CISSP (Certified Information Systems Security Professional).
• Seven (7) years of full-time professional experience conducting penetration testing or offensive Cyber operations.

Benefits

• Competitive compensation.
• Comprehensive benefits.
• Opportunities for career advancement.