Experience Inc. Jobs

Job Information

SAIC Penetration Tester- Manager in QUANTICO, Virginia


SAIC is seeking a Penetration Test Manager (DoD Red Team Manager) to work onsite with our customer in Quantico, VA. This position supports the Marine Corps Cyberspace Operations Group (MCCOG) .

This position is contingent upon contract award. If awarded, work will begin in Fall 2023.

Job Description:

The Lead Penetration Tester will support ethical hacking and penetration testing consisting of operational network exploitation and cyber threat emulation targeting local area network and wide area network systems, aligned with the NIST 800-115. The Government conducts approximately 10-15 full scale Red Team operations per year, 20 phishing assessments, and additional smaller missions as needed to assess new and emerging threats. This support consists of the development of custom malware in support of targeted operations that range from two weeks in duration to operations that last approximately four to six weeks in duration. These operations evaluate and assess the security posture of individual units both in garrison and deployed as well as assessments of the Government’s Enterprise Network.

DoD Red Team Manager (Lead Penetration Tester) will support approximately 8 DOD cyber exercises per year as the cyberspace opposing force. Capabilities required include wireless security exploitation, local and remote network exploitation, close access (physical security) penetration testing, user driven attacks (including phishing and social engineering), and long-term persistence operations. Contractor staff will be expected to research and develop exploit code for test and evaluation of mitigation solutions, as well as develop and maintain custom applications (malware development) to ensure Command and Control during Red Team operations.

DoD Red Team Manager will provide staff with programming experience (e.g., Python, Visual Basic .NET, C Sharp, and PowerShell) and familiarity with ethical hacking frameworks and utilities (e.g., the Kali Operating System, Metasploit, and Meterpreter). Staff assigned to this task must meet the Government’s established qualification process and criteria as documented in the DoD Cyber Red Team Certification and Accreditation Handbook.

Duties and Responsibilities:

  • All Red Team personnel must successfully complete the Government’s “Red Team Operator’s Course” and the Government’s “Red Team Operator Certification Program” in order to participate in Red Team operations as part of a National Security Agency (NSA) accredited DoD Cyberspace Red Team.

  • Conduct no-notice and cooperative Red Team assessments and operations.

  • Identify network and system vulnerabilities and misconfigurations likely to be executed by advanced adversaries through the use of threat intelligence and expert employment of emulated adversary tools.

  • Develop and submit detailed technical reports containing information about actions taken, findings, analysis and recommendations. Reports must contain the information necessary to deconflict all adversary emulation actions well-after the mission is complete. Technical Reports must be accurate and contain all data required for final reporting and deconfliction (CDRL A002).

  • Research existing exploit code and/or develop proof-of-concept or exploit code for test and evaluation of mitigation solutions. Develop and maintain custom applications (malware development) to support mission requirements to ensure Command and Control during Red Team operations. The software produced must align with best practices established by USCYBERCOM.


Position Requirements:

  • Active TS/SCI Clearance

  • Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.

  • At least five (5) years of experience performing various assessments (penetrations tests of systems and networks within a DOD Network Environment of enclave.

  • At least five (5) years of experience developing and maintaining custom applications that exploit known system vulnerabilities or system misconfigurations to gain system command and control during red team operations.

  • DoDD 8570 IAT III Certification (i.e. CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP)

  • Possess DoDD 8570 CSSP Auditor certification

View Additional positions with this team here: https://jobs.saic.com/mccogEM

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site. REQNUMBER: 2300661

SAIC is a premier technology integrator, solving our nation’s most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability