- Red Team Analyst
IntellecTechs is currently looking for a Red Team Analyst to support our Norfolk, VA opportunity. Top Secret Clearance with SCI is required.
The Analyst will provide technical support, assistance, and training for unique tactics, techniques, and procedures (TTP) and information technology required to support Web Risk Assessment (WRA), part of the Navy’s Cyber Red Teaming mission. This task requires compliance with DOD Directive 8570 on IA Workforce training and certification (IAT Level II). Support shall include participation in annual, crisis, and other Web Risk Assessments and annual cyber analysis studies. The following is required:
Possess a minimum of five years of experience in providing highly technical subject matter expertise and expert guidance to government personnel in the execution of WRA operations or penetration testing and demonstrated experience in at least five of the following areas:
- Research various cyber actors’ TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into penetration tests or web risk assessment operations
- Demonstrated expertise with website scanning and exploitation tools such as HP WebInspect, Accunetix, Burp Suite, Core Impact, etc.
- Exploitation of vulnerabilities associated with most common operating web hosting platforms (IIS, Apache, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.)
- Demonstrated experience performing manual vulnerability testing of web application to include the OWASP Top 10
- Understanding of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX
- Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
- Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
- Development, modification, and utilization of network enumeration engines and Open Source Research (OSR) engines (i.e. Recon-ng, nmap, nessus)
- Plan and execute technical cyber assessments or penetration tests
- Development and utilization of testing methodology for cloud-based and networked systems
- Modification, testing and utilization of computer network attack and exploitation tools
- Operational Risk Management (ORM) concepts and application
The following qualifications are desired, but not required:
- Design, build, and implement software, Cyber assessment tools, information assurance products, or computer security applications.
- Write software/scripts in any of the following computer programming languages (C/C++, Ruby on Rails, Python, and Perl)
- Computer network or system design and implementation
The contractor will be required to support the following tasks at NIOC Norfolk:
- Conduct website vulnerability scans of unclassified Navy websites designed, developed, procured, or managed by Navy activities from inside and outside the DODIN on all public facing websites utilizing Acunetix and HP Webinspect.
- Utilize technical and analytical means to eliminate false positive/negative results.
- Coordinate with DOD components prior to scans for deconfliction.
- Maintain an accurate scan database/schedule
- Understand DOD component Whitelists
- Post scan results on DOD web vulnerability scanning (WVS) web portal and notify NCDOC for remediation tracking and reporting.
- Identify risks to networks based on vulnerability scan results
- Work with webmasters/web hosts to identify technical issues prohibiting scanning
- Recommend non-compliant websites for revocation from Whitelist
- Coordinate/assist mitigation efforts with webmasters/web hosts
- Assist webmasters/web hosts in developing a plan of action and milestones for mitigation
- Review Navy websites for compliance with applicable DOD and Navy instructions and directives
- Contact webmaster/web hosts on compliance issues
- Assist webmasters/web hosts in correcting cited compliance issues
- Assist webmasters in registering websites on the NIOC portal
- Liaise with various DOD components concerning web vulnerability scanning and compliance guidelines and issues
- Attend meetings with various agencies concerning web vulnerability scanning
IntellecTechs, Inc. is a premier provider of Information Technology (IT), Training and Professional Technical and Administrative Services to federal and commercial customers. IntellecTechs' government customers include Department Navy Chief Information Office (DONCIO), U.S. Navy (USN), U.S. Marine Corps (USMC), National Education and Training Command (NETC), Program Executive Office (PEO) Enterprise Information Systems (EIS), National Aeronautics and Space Administration (NASA) and Space and Naval Warfare command (SPAWAR). Our project management experience and commitment to client relationship enables us to provide creative and cost-effective solutions regardless to the size of the mission. By eliminating boundaries, collaborating in new ways, and continually seeking improvement, IntellecTechs is helping clients at all levels to connect, protect, and serve citizens better than ever. Our headquarters is located in Virginia Beach, VA and is also a certified testing center authorized to administer Prometric and Pearson VUE exams. IntellecTechs is an 8(a) company, certified by the SBA, Economically Disadvantaged Women Owned Small Business (EDWOSB), Service-Disabled Veteran-Owned Small Business (SDVOSB), Small Disadvantaged Business (SDB) and Small Women and Minority Owned (SWaM).
IntellecTechs, Inc. is a private corporation established in the Commonwealth of Virginia, is an Equal Employment Opportunity and Affirmative Action employer. This commitment affirms IntellecTechs, Inc.'s policy to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
IntellecTechs, Inc. will not tolerate discrimination or sexual harassment in its workplace and will take all reasonable steps necessary to ensure nondiscriminatory treatment throughout its programs and business practices to include, but not limited to the following: recruiting/posting/advertising, selection and hiring; disciplinary actions; involuntary and voluntary terminations and layoffs; position upgrades and promotions; rates of pay and other compensation; training programs and participation/selection criteria; and apprenticeships. Also, IntellecTechs, Inc. will provide reasonable accommodations to applicants and employees with disabilities in accordance with Federal, State or Local regulations and laws.
We value our diversified team and work diligently to provide and promote a culture free from discrimination and harassment.