What You'll Be Doing:
Seeking talented, thoughtful and creative Penetration Testers for a position on a cyber Red Team. Our project provides comprehensive insight to leadership on the damage a malicious actor could inflict on a network based on actual findings and observation.
Using good judgment, a successful candidate must be able to identify and exploit vulnerabilities, elevate privileges, pivot laterally across networks, and communicate findings effectively to client stakeholders, including technical staff and executive leadership.
The candidate must be comfortable reading network diagrams, understand the interconnected nature of target networks, and have experience conducting penetration tests from beginning to end (i.e. reconnaissance, exploitation, post-exploitation, report writing).
The ideal candidate will have a solid understanding of and interest in emerging cyber threats, threat actors, campaigns, and visual signs of intrusion. The candidate will also have hands-on expertise with some combination of ethical hacking, networking and security solutions, virtualization, cloud security, physical or personal security, and web application testing.
The ability to work quickly, both independently and as a team, and strong written and verbal communication skills are a must.
You'll Bring These Skills:
- Demonstrated real-world experience performing grey and black box penetration testing
- Have an understanding of and interest in common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc.
- Must be proficient in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, IPTables, Sysinternals, A/V evasion methodologies, Exploit Dev
- Must have solid working experience and knowledge of Windows operating systems (incl. Active Directory), Linux operating systems; ESXi or similar; mobile platforms are a plus
- Solid understanding of networking, TCP/IP, virtualization and cloud/data center architecture
- Strong familiarity with some of the following: OWASP top 10, DoD and NSA Vulnerability and Penetration Testing Standards
- Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open source exfiltration techniques
These Are Nice To Have:
- Experience performing Red Team, Blue Team Operations
- Certifications such as OSCP, OSCE, GPEN, GWAPT, GXPN, CEH, CISSP
- Malware analysis or digital computer forensics experience
- Cyber related Law Enforcement or Counterintelligence experience
- Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming is a plus
- Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats
- Proactive interest in emerging technologies and techniques related to penetration testing
What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.