The Challenge: 

Are you looking to put your problem-solving prowess to the test and emulate advanced persistent threats? You know that offensive, defensive, and operations teams play a key role in defending the nations systems. As an Attack Chain Automation Engineer, you’ll have the opportunity to work with talented Red Teamers and Operations experts to duplicate real world threats in an exciting virtual testing platform. You will create custom solutions to mimic real world attacks in a controlled environment, including creating tools, maintaining testing platforms, and innovating advanced scenarios to better train the next generation of cyber warriors. You’ll perform automated adversarial tactics techniques and procedures, including establishing footholds in networks, lateral movement, detection evasion, data exfiltration, and destruction, to perfect our defender’s ability to respond to rapidly evolving threats.

Are you ready to help us combat the most advanced adversaries?

Join us. The world can’t wait.

You Have:

• 3+ years of experience with Cybersecurity

• 1+ years of experience with penetration testing or offensive cyber testing

• Ability to modify or create existing code, including Python, Ruby, PowerShell, Bash, or .NET

• Experience using Kali as an attack platform

• Ability to document work

• Secret clearance

• HS diploma or GED

Nice If You Have:

• Experience conducing Red or Purple teaming exercises

• Experience with simulating realistic user activity and traffic in a range environment

• Experience with system administration and the software and system development life cycle and red-teaming and covert computer network exploitation

• Knowledge of MITRE ATT&K

• Knowledge of purple and red teaming frameworks, including caldera, atomic red team, and scythe

• Ability to mentor junior and mid-level staff by teaching the latest penetration testing techniques

• Ability to craft custom exploits for proof-of-concept code

• Ability to reverse engineer and modify malware

• TS/SCI clearance

• Offensive Security Certified Professional (OSCP) or SANS GIAC Penetration Tester Certification

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

• Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

• Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and funding to advance your skills.

• Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

• Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

• Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.