Valiant Integrated Services - Franconia, VA
posted 2 months ago
Valiant Integrated Services is seeking a Senior DevSecOps Specialist to support the Defense Threat Reduction Agency's (DTRA) Advance Red Cyber program. This role involves executing Red Team Assessments, which are critical in evaluating the security posture of U.S. Government and DoD critical networks. The Senior DevSecOps Specialist will be tasked with creating innovative tools for Red Cyber team Operators, enabling them to conduct thorough cyber assessments from an adversarial perspective. This position is pivotal in testing and evaluating protection strategies against identified vulnerabilities, utilizing a full spectrum of adversarial capabilities while adhering to legal, safety, and security constraints. In this role, the specialist will develop tools, exploits, and code specifically for red cyber operations. This includes conducting open-source research to identify cyber-related vulnerabilities and developing corresponding exploits. The position requires expertise in reverse engineering, allowing the specialist to analyze source code and create effective tools or exploits. The specialist will also be responsible for performing code reviews on all offensive scripts and shepherding them through the necessary approval processes. Additionally, the role involves analyzing operational Techniques, Tactics, and Procedures (TTPs) to automate and enhance operational processes, thereby improving the emulation of adversarial threats and attacks. The Senior DevSecOps Specialist will document safe and secure usage protocols for both internally and externally developed tools in accordance with Red Team policies and procedures. They will support and conduct DevOps reviews of code for operational approval and leverage existing proof of concept code to tailor exploits for use in Command and Control (C2) tools. The specialist will also be expected to support urgent development requests, which may require rapid assembly, testing, and approval of tailored tools and exploits within a 24-hour timeframe after identifying a vulnerability.