OVERVIEW:
This Attack Emulation Team (AET) Team Operator position supports the Customer and participates as a team member to deliver AET services and to address stakeholder needs in the context of AET services. The AET Assessment team Operator Role leads the penetration test part of the assessment. They are responsible for developing the testing results appendix of the report. They may also contribute to other portions of the assessment report. As needed, the OP supports the Technical Exchange Meeting or other meetings.
The AET Operator will participate with the AL, TL in the planning phase of the AET Assessment activities. They will apply technical and professional skillsets to lead the Technical Exchange Meeting (TEM) and support the scoping section of the Technical Exchange Meeting (TEM) which consists of interviews with individual or group SMEs to complete the Rules of Engagement (ROE) activities, achieve clarification, or lead to the location of evidence. They communicate and share information gained during the TEM with the entire assessment team. They work directly with the AL, TL and organization POC to successfully plan and execute the assessment, as well as notify and support the assessment services. They participate in assessment activities and perform the adversarial emulation testing tasks assigned by the AL, TL. Participate in the post-execution out brief to the POC and SMEs, to present preliminary observations as a result of the TEM. Contribute to the draft of the AET Assessment reports. Identify potential improvements to the target organization security posture that are related to organizational system(s) use and interconnections, as well as identifying strengths and weaknesses in incident management capabilities that are applicable to protecting and sustaining the organizational system(s).
REQUIRED QUALIFICATIONS:
- Performing authorized pen testing on enterprise networks;
- Gaining access to targeted networks;
- Applying expertise to enable new exploitation and maintaining access;
- Obeying appropriate laws and regulations;
- Providing infrastructure analysis;
- Performing analysis of physical and logical digital technologies;
- Conducting in-depth target and technical analysis;
- Creating exploitation strategies for identified vulnerabilities;
- Monitoring target networks; and
- Profiling network users or system administrators and their activities
DESIRED QUALIFICATIONS:
- OSEP (Offensive Security Experienced Penetration Tester)
- OSCP (Offensive Security Certified Professional)
- GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
- GPEN (GIAC Certified Penetration Tester)
- LPT (Licensed Penetration Tester)
CLEARANCE: