Senior Cyber Security Engineer - Threat Simulation - Kforce Inc.
McLean, VA 22102
About the Job
- Senior Cyber Security Engineer will lead Red Team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework
- Contribute to designing, scoping, and execution of threat intelligence led Purple Team exercises against a using the MITRE ATT&CK Framework
- Build and maintain Red and Purple team infrastructure, automating functions where possible
- Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members
- Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools
- Contribute to report creation activities, including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, and peer review of the team's deliverables
- As a Senior Cyber Security Engineer, you will assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset
- Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation
- Active contributor to Red and Purple Team activities for internal presentations and conferences
Requirements:
- 5+ years of experience with industry standard penetration testing tools (Cobalt Strike, Sliver, Mythic, Metasploit, Burp Suite, Nmap, Covenant, etc.), or the ability to demonstrate equivalent knowledge
- Expert understanding of MITRE ATT&CK framework tactics, techniques, and procedures
- Expert understanding of modern evasion techniques to bypass security controls
- Strong understanding of how an Advanced Persistent Threat could compromise a financial institution
- Strong understanding of Purple Team concepts, tools, and automation strategies
- Strong understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability
- Strong understanding of Windows and Linux system hardening concepts and techniques
- Strong with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.)
- Strong with at least one compiled language (C#, C++, Go, Rust, etc.)
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.