Red Cyber Operator

DTRA Cyber Red Team Position

The DTRA Cyber Red Team is an applicant DoD Cyber Red Team looking for motivated, self-starters to help build the organization's red cyber capability and capacity in support of the Certification and Accreditation (C&A) process. The candidate's contributions will play an important role in the C&A process.

Red Cyber Operators (RCO) emulate a potential adversary's offensive cyberspace operations and exploitation techniques against a targeted mission, system, network, component, or capability.

RCOs action information gathered from readily available open-source internet resources to identify exposed or compromised information, vulnerabilities, and misconfigurations. The RCOs employ tools against these compromises, to demonstrate a loss of confidence in the target's functional and security posture forcing the target to operate in a degraded, disrupted, or denied cyber environment. Red Cyber Operators will be assigned to both White and Red Cells.

Prior to physical assessment operations, the Red Cyber Operators will work closely with Red Cyber Analysts to identify targets, research, scan, and map networks. During these components of the assessment, Red Cyber Operators will not deliver effects that could be categorized as anything but Reconnaissance or collecting technical targeting data. The purpose of reconnaissance is to gather information for network and information system characterization, identifying and gathering information on organizations through users that are determined to be of high value in answering PIRs or in the development of follow-on Red Team operations.

When authorized by the customer, asset owner, or other stakeholder, the Red Cyber Operator will demonstrate a potential adversary's offensive based cyberspace operations or intelligence collection capabilities against a targeted mission or capability. Demonstrations will be performed under a "White Card" and conform to ethical, aka white hat hacking principles. All activities performed by Red Cyber Operators will comply with all US Cyber Command Standing Ground Rules.

Responsibilities

• Characterize the adversary – Research the structure, ideology, intentions, tactics, and capabilities of adversarial organizations to develop threat characterization using a combination of both classified and unclassified sources.
• Contribute to threat emulation – Identify information requirements, develop assessment strategies and collection plans, identify information sources, and develop and conduct research of publicly available information (PAI) to determine adversary courses of action and relevant information requirements (IR).
• Analyze and characterize targeted mission, system, network, component, or capability and conduct analysis appropriate to the program, identify essential functions/tasks and critical assets necessary to perform them as determined by the program leader.
• Contribute to developing adversary courses of action (CoA). Develop courses of action an adversary could employ in and through cyberspace directed against customer personnel, equipment, facilities, networks, information and information systems, infrastructure, and supply chains.
• Support field assessments from an adversary perspective. In conjunction with DoD Red Team Partners, conduct field assessments and demonstrate cyber courses of actions in accordance with Program Plans, operations orders, ground rules, and other directives.
• Synthesize findings to support vulnerability identification, course of action development, protection studies, trend analyses, risk analysis, and mitigation strategies.
• Develop a comprehensive understanding of the implications of vulnerabilities discovered by the other specialists and fuse those findings with the systems analysis and determine impacts to the national and military missions they support.
• Prepare activity reports including out briefs, senior leader briefs, interim progress reports (IPRs) and briefs, white papers, after action reviews, final reports, risk analysis products, and other documents necessary to convey assessment findings to customers, partners, and other stakeholders.

Required Skills/Qualifications

• Education:
  • 6 years in lieu of a degree, OR
  • 4 years of experience with Bachelor's degree, OR
  • 2 years of experience with Master's degree.
• Field of study: Computer Science, Computer Forensics, Computer Engineering, Electrical Engineering, or a related technical discipline.
• Experience:
  • Demonstrated operational experience in the military, other Federal Government, or comparable civilian position in Cyberspace Operations (Offensive Cyberspace Operations, Defensive Cyberspace Operations, and Cyberspace Exploitation) Cyber Red Team, Penetration Testing, and/or Information Operations (IO).
  • Demonstrated experience with at least one automation scripting language (Powershell, Python, Perl, Ruby, Java, etc)
  • Current active TS SCI clearance
• Certifications:
  • Possess at least ONE (1) of the following certifications or obtain within 180 days of hire:
    • Offensive-Security Certified Professional (OSCP)
    • Offensive-Security Certified Expert (OSCE)
    • Offensive-Security Exploitation Expert (OSEE)
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
    • GIAC Penetration Tester (GPEN)
    • GIAC Web Application Penetration Tester (GWAPT)
  • Possess at least ONE (1) of the following certifications based on DoD 8570.1-M requirements at a minimum IAT Level III:
    • CASP+CE
    • CCNP Security
    • CISA
    • CISSP
    • GCED
    • GCIH
  • Possess at least ONE (1) of the following certifications
    • CEH
    • CySA
    • CISA
    • GSNA
    • CFR
    • PenTest+

Desired Skills/Qualifications

• Knowledge, Training, or experience working with ICS/SCADA or IoT devices. GICSP, GCIP, GRID or ISA/IEC desirable.
• Have at least five demonstrated years of using open-source tools and operating systems or hold a comparable Linux certification.
• Possess working knowledge of Department of Defense's Cybersecurity Vulnerability Alert and Incident Response process.
• Possess excellent written and verbal communication skills.
• Possess a working knowledge of Computer Network vulnerability/compliance analysis software.
• Possess working knowledge of RMF processes Possess a working knowledge of Microsoft Office Suite to include an ability to prepare PowerPoint presentations, reports, and white papers.