Job Description
Company: Booz Allen Hamilton
Location: US
About the position
Conduct testing and analysis to identify vulnerabilities and potential threat vectors in systems and networks, develop exploits, and engineer attack methodologies. Leverage understanding of MITRE ATT&CK and common cybersecurity control implementations to plan and conduct threat-based assessments. Apply advanced advising skills, extensive technical expertise, and full industry knowledge. Develop innovative solutions to complex problems. Work without considerable direction, and mentor and supervise team members, as needed.
Responsibilities
• Conduct testing and analysis to identify vulnerabilities and potential threat vectors in systems and networks
• Develop exploits
• Engineer attack methodologies
• Plan and conduct threat-based assessments using MITRE ATT&CK and common cybersecurity control implementations
• Apply advanced advising skills, extensive technical expertise, and full industry knowledge
• Develop innovative solutions to complex problems
• Work without considerable direction
• Mentor and supervise team members, as needed
Requirements
• 3+ years of experience with MITRE ATT&CK, test planning and security control assessment
• 3+ years of experience with cyber penetration testing or developing risk and threat mitigation plans
• 3+ years of experience operating in Linux, Windows, and virtual platforms
• 3+ years of experience with computer attack methods and system exploitation techniques
• 3+ years of experience leveraging adversarial tactics to conduct hands-on security testing
• 3+ years of experience performing network security analysis, including software or traffic analysis
• Secret clearance
• HS diploma or GED
Nice-to-haves
• Experience with Breach and Attack Simulation tools such as Atomic Red Team, Scythe, Mandiant ASV or AttackIQ
• Experience manually auditing source code, including Java, Ruby, Python, JavaScript, Rust, or C, to find security issues
• Experience with system security engineering and security architecture
• Knowledge of tools, tactics, and techniques targeting Artificial Intelligence (AI) systems and their ecosystems
• Bachelor’s degree in CS, Information Systems, Engineering, or a related field
• Offensive Security Certified Professional (OSCP), HTB Certified Penetration Tester Specialist (CPTS), eLearnSecurity Junior Penetration Tester (EJPT), GIAC Global Information Assurance Penetration Tester (GPEN), or GIAC Cloud Penetration Tester Certification
Benefits
• health, life, disability, financial, and retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program
Source: Teal