Sterling, Virginia, USA
Clearance Level: Secret
Job Description
This BAE Systems program supports our federal customer who plays a key role in providing direct cybersecurity engineering support. This program provides systems and security engineering and integration support to specific Government-sponsored projects, pilots and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging cybersecurity systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps, and reduce cybersecurity risk of our customer networks.
The ST&E team is expected to have knowledge and extensive experience in networking, systems management, programming and tool development, the UNIX (different variants) operating system, the Microsoft Windows (different variants) operating system, security analyst tools and techniques, and system design and architecture is necessary to identify required modifications, determine innovative solutions, and to recommend sound security measures.
**This position is eligible for maximum telework (>50%) for applicants residing in the National Capital Region (DC, MD, VA). **
**This position’s office location can be either Sterling, VA, or Rockville, MD. **
Required Education, Experience, & Skills
Minimum of 5 years of experience in penetration testing, including experience with the MITRE ATT&CK Framework. Extensive experience with OWASP – OWASP Top Ten, OWASP Application Security Verification Standard (ASVS), and OWASP Web Security Testing Guide (WSTG).
Demonstrated ability to identify and exploit vulnerabilities using the MITRE ATT&CK Framework.
Strong knowledge of Linux-based systems and Windows operating systems, including Active Directory.
Proficiency on the command line and have extensive knowledge of the operating system you are assessing.
Familiarity with various network security tools and techniques, such as vulnerability scanners, port scanners, and network sniffers.
Perform penetration tests and vulnerability assessments on AWS’s infrastructure, applications, and services hosted in the cloud.
Create customized attack scenarios and exploits to evaluate the efficacy of Amazon security safeguards.
Detect and assess possible dangers and channels of attack unique to AWS settings.
Work with customers to discover and resolve AWS-based application and service vulnerabilities and weaknesses.
Build and maintain AWS cloud penetration testing scripts, tools, and procedures.
Two years’ experience performing source code analysis.
Experience using Checkmarx for source code analysis.
Experience conducting Infrastructure as Code (IaS) analysis
Experience in Red Team (preferable) or Blue Team penetration testing.
Candidate should be willing to mentor.
Preferred Education, Experience, & Skills
Deep understanding of the methodology associated with penetration testing, such as creating Rules of Behavior, selection of pen testing team, and have a developed tool kit.
Cloud experience a plus! (AWS or Azure)
Proficiency in one or more programing/scripting language(s).
ANY OF THE BELOW CREDENTIALS ARE A PLUS!
Licensed Penetration Tester (LPT) Master
Offensive Security Certified Professional (OSCP)
Certified Ethical Hacker (CEH)
IACRB Certified Expert Penetration Tester (CEPT)
IACRB Certified Expert Penetration Tester (CPT)
Certified Red Team Operations Professional (CRTOP)
CompTIA’s PenTest+
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); and/or
GIAC Penetration Tester (GPEN)
Hack The Box (HTB) Certified Penetration Testing Specialist (CPTS)
Burp Suite Certified Practitioner (BSCP)
About BAE Systems Intelligence & Security
BAE Systems, Inc. is the U. S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it’s what we do at BAE Systems. Working here means using your passion and ingenuity where it counts – defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team—making a big impact on a global scale. At BAE Systems, you’ll find a rewarding career that truly makes a difference. Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do—from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U. S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. At BAE Systems, we celebrate the array of skills, experiences, and perspectives our employees bring to the table. For us, differences are a source of strength. We’re laser-focused on high performance, and we work hard every day to nurture an inclusive culture where all employees can innovate and thrive. Here, you will not only build your career, but you will also enjoy work-life balance, uncover new experiences, and collaborate with passionate colleagues.
BAE Systems / Equal Opportunity Employer
JBBAE 93088BR 2023.07.16
Secret, CLZSS, — SKUUU, VA_STERLING VA_VIRGINIA ZC20163 ZC201Z
