Red Team Operator, Lead

Key Role:

Assess the state of the client organization’s cybersecurity efforts from the perspective of an adversary with malicious intent targeting their people, processes, and technologies. Process cyber threat intelligence in accordance with the intelligence cycle. Build an understanding of the types of tactics, techniques, and procedures (TTPs) these adversaries may employ that would be most damaging to the organization’s security posture. Leverage the MITRE ATT&CK framework to develop threat models and methodologies in building operational engagement plans. Create test cases each individual TTP found in ATT&CK as well as custom and more advanced variants to assess the organization’s coverage across a spectrum of intrusion sets and scenarios. Develop and use malware, pivoting, and escalating privileges to test the organization’s security effectiveness. Ensure that Red Team operations performed on production environments are done in a safe and responsible manner. 

Basic Qualifications:

-5 years of experience in an IT or Cybersecurity field

-2 years of experience with DoD Red Team operations, offensive penetration testing, or cyber threat emulation

-Experience with one or more scripting languages, including Python, Bash, JavaScript, or PowerShell

-Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls

-Knowledge of testing tools, including Kali Linux, Metasploit, Nmap, Burp Suite, Qualys, Nessus, OWASP, Powersploit, or Cobalt Strike

-Knowledge of network mapping, vulnerability scanning, penetration testing, Web Application testing, database operations, and system or network administration

-Knowledge of the procedures of phishing assessments, wireless assessments, operating system security assessments, and database assessments

-Active TS/SCI clearance

-AA or AS degree

-DoD 8570 IAT Level II or equivalent Certification

Additional Qualifications:

-Knowledge of testing API, AWS, Azure, and other Cloud-based environments preferred


-CEH, CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, AWS, or Azure Certification preferred


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.