Parsons Corporation Exploit Developer in Fort Belvoir, Virginia
Minimum Clearance Required to Start:
Top Secret SCI
JOB DESCRIPTION Exploit Developer (ED) SUMMARY Are you ready for a challenge that will keep you on the cutting edge of cyber-security while supporting multidisciplinary mission assurance / vulnerability assessments on critical mission systems? Parsons provides comprehensive cyber security expertise for national defense programs and is seeking employees with an eye for detail, a drive to succeed, and a passion for ensuring mission success.The Exploit Developer is an integral member of the Defense Threat Reduction Agency (DTRA) Red Assessment Team. The DoD's premier Red Assessment Team is unique in that it performs assessments from an adversarial perspective, emulating the full spectrum of identified capabilities from lone actor to the well-financed terrorist organization to the foreign intelligence entities to demonstrate exploitation of vulnerabilities. The ED will help build the organization's red cyber capability-as part of both the Red and White cells-and capacity in support of the Certification and Accreditation (C&A) process. The ED will be responsible for creating new and innovative tools for Red Cyber Space Operators to use in cyber assessment operations of US Government and DoD critical networks.Assessment teams may deploy to high threat but permissive environments anywhere in the world. CONUS and OCONUS travel for durations of up to two weeks per trip.Top Secret/SCI Security Clearance eligibility required ESSENTIAL DUTIES AND RESPONSIBILITIES
Emulate a potential adversary's offensive cyberspace operations and exploitation techniques against a targeted mission, system, network, component, or capability
Use information gathered from readily available open source internet resources to identify exposed or compromised information, vulnerabilities, and misconfigurations
Employ tools against identified compromises to demonstrate a loss of confidence in the target's functional and security posture forcing the target to operate in a degraded, disrupted, or denied cyber environment
Work closely with Red Cyber Analysts to identify targets, research, scan, and map networks
When authorized, demonstrate a potential adversary's offensive-based cyberspace operations or intelligence collection capabilities against a targeted mission or capability in accordance with ethical hacking principles and in compliance with U.S. Cyber Command Standing Ground Rules
Reverse engineer source code to develop exploits
Perform code review on all offensive scripts/code and shepherding them through all approval processes
Develop, vette, and validate exploits IAW DoD and Red Team policy and procedures prior to leveraging exploits for operations ICW technical oversight and guidance
Keep apprised of emerging cyber threats and attack methodologies and sharing this information with Red Team personnel to enhance cyber assessment efforts
Analyze operational TTPs and developing exploits and scripts to automate and improve operational processes. These products will be used to better emulate adversarial threats and attacks and demonstrate and exploit vulnerabilities to sensitive mission critical networks and systems.
Document safe and secure usage for internally and externally developed tools IAW with Red Team policies and procedures
Leverage proof of concept (POC) code to build/tailor exploits for use in Command and Control (C2) tools
Support the development and tuning of C2 tools to enhance effectiveness and reduce detection likelihood
EDUCATION AND/OR EXPERIENCE
Possess a Bachelor's degree or higher in a Computer Science, Computer Forensics, Computer Engineering, Cybersecurity, Electrical Engineering, or a related technical discipline; commensurate operational experience can serve as a substitute for degree requirements
Possess a minimum of 5 years operational experience in the military, other Federal Government, or comparable civilian position in Cyberspace Operations (Offensive Cyberspace Operations, Defensive Cyberspace Operations, and Cyberspace Exploitation), Cyber Red Team, Penetration Testing, and/or Information Operations (IO)
Possess IAT Level III and CSSP Auditor certifications as defined and 8570.01-M, or ability to obtain certifications within 180 days of hire
GICSP, GCIP, GRID, or ISA/IEC desirable
KNOWLEDGE, SKILLS, AND ABILITIES
Possess a minimum of five years demonstrated experience using open source tools and operating systems or hold a comparable Linux certification
Possess working knowledge of DoD's Cybersecurity Vulnerability Alert and Incident Response process
Possess a working knowledge of computer network vulnerability/compliance analysis software
Possess excellent written and verbal communication skills
Possess expert knowledge of Microsoft Office Suite (Word, Excel, PowerPoint, Visio) to prepare presentations, reports, and white papers
Must be able to obtain, maintain and/or currently possess a security clearance.
The position may require a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief as required by federal, state, provincial or local mandates or customer requirements.
Parsons is an equal opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBTQ+. All qualified applicants will receive consideration for employment without regard to an individual’s race, color, religion, national origin, ethnicity, union affiliation, age, sex, sexual orientation, gender identity and expression, pregnancy, employable physical or mental disability, veteran status, genetic information, immigration status, or any other basis protected by all applicable laws.