Red Team Penetration Tester (Virginia Beach, VA)

About the position

Peraton is seeking qualified individuals to join our team to provide engineering support for Cyber Situational Awareness (SA), Cyber Command and Control (C2), Mission Assurance, and Homeland Defense. This includes conducting Agile software engineering in a Development, Security, and Operations (DevSecOps) environment, performing Cloud architectural design, operation, and administration functions, and cyber security and Risk Management Framework (RMF) support. Also included are rapid design, development, test, deployment, maintenance and operation of specific software and hardware capabilities to meet current Cyber Defensive needs. The Naval Surface Warfare Center Dahlgren Division (NSWCDD) Dam Neck Activity's (DNA) work is focused on providing engineering, acquisition, logistical, and Cybersecurity (CS) support to the Navy, Marine Corps, Special Warfare Coalition, and Joint Forces for programs including but not limited to Common Total Ship Computing Environment (TSCE), Atlanta Weapon System (AtWS), NAVSEA Red Team, National Cyber Range Complex (NCRC), surface and sub training systems, and Risk Management Framework (RMF) Support for Explosive Ordinance Disposal (EOD). Are you ready to take your career to the next level while contributing to the defense of our nation? Peraton, a recognized leader in Cyber, Digital Transformation, Cloud, Operations, and Engineering, is seeking a skilled Red Team Penetration Tester to bring extensive experience in COMSEC management, tactical network configuration, and collaboration with cross-functional personnel to maintain secure communications capabilities in support of critical operations. With the growing number of breaches of tactical and non-tactical computer systems, there is an increasing need to focus on the engineering aspects of CS. CS continues to be approached as compliance-based and this has not addressed significant shortcomings and vulnerabilities in the security of naval warfare systems and other service warfare systems. CS requirements must be included during the design, development, and sustainment phases of systems acquisition to ensure they are secure and Cyber-resilient throughout their Life-Cycle. Additionally, previously designed, and fielded systems must be evaluated on an engineering basis to determine potential changes to their design or supportability approaches. This position is fully on-site at Dam Neck in Virginia Beach, VA.

Responsibilities

• Develop, modify, and utilize offensive security tools such as Metasploit, NMAP, Kali Linux, and Cobalt Strike
• Mimic threat actor behavior using TTPs aligned with frameworks like MITRE ATT&CK
• Conduct assessments across multiple operating systems including Linux, Windows, and macOS
• Perform exploit development and identify zero-day or previously unknown vulnerabilities
• Analyze, identify, and remediate gaps in offensive tools and development techniques
• Perform development with at least two scripting or programming languages (Python, C+, Java, Rust, Assembly, C#, etc.) in support of exploit development

Requirements

• Min 10 years with BS/BA or Min 8 years with MS/MA or Min 5 years with PhD
• In-depth understanding of computer security, military system specifications, and DoD cybersecurity policies
• Strong ability to communicate clearly and succinctly in written and oral presentations
• Must possess one or more of the following DoD 8570.01-M CSSP Auditor certifications: CEH, CySA+, CISA, GSNA, CFR, PenTest+
• Must possess Offensive Security Certified Professional (OSCP) certification
• Must possess one or more of the following certifications: Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP)
• An ACTIVE Top Secret with SCI eligibility
• Current U.S. passport or the ability to obtain prior to start

Nice-to-haves

• Education: Bachelor of Science in Information Systems, Bachelor of Science in Information Technology, Bachelor of Science in Computer Science, or Bachelor of Science in Computer Engineering
• Ten (10) years of full-time professional experience conducting penetration testing and/or offensive Cyber operations including demonstrated experience in each of the following areas: Developing and utilizing penetration tools such as Metasploit, NMAP, Kali Linux, Cobalt Strike, Mimicking threat behavior and adversary emulation, Utilizing various operating systems (Linux, Windows, MAC OS), Utilizing Active Directory, Performing exploit development, Identifying gaps in tools and development techniques, Performing development with at least two scripting or programming languages (python, C+, Java, Rust, Assembly, C#, etc.)

Benefits

• Competitive compensation
• Comprehensive benefits
• Opportunities for career advancement