Oak Grove Technologies LLC
Fort Belvoir, Virginia
Description: Oak Grove Technologies, LLC, a dynamic and fast-growing federal contractor, is seeking a highly skilled and motivated Senior Red Cyber Operator to support advanced Red Cyber operations through the execution of red team assessments, offensive cyber operations, and penetration testing. Oak Grove Technologies is a Service-Disabled Veteran-Owned Business based in Raleigh, NC, with a Test and Training Center located near Fort Bragg and Camp Mackall. With over 20 years of expertise in training, consulting, technology, and operational support, the company provides services to the military, government, and law enforcement. Committed to excellence, innovation, and national security, Oak Grove Technologies fulfills federal defense contracts and actively supports veterans through sponsorships and events. Driven by its mission-focused approach, the company seeks top talent to develop impactful solutions. Oak Grove Technologies offers a competitive compensation and benefits package. Requirements: What You'll Be Doing: Cyber Red Team Assessments, Penetration Testing, Offensive Cyber Operations. Performing penetration testing / red team operations to help validate the security of our nation's most critical systems. Sharing your expertise and insight to direct the activities of mid-level operators to guide the team in accomplishing their mission objectives. Antivirus evasion, EDR evasion, offensive infrastructure, phishing and social engineering. Leveraging your expertise with tools like Cobalt Strike to discover vulnerabilities and exploit them to achieve mission objectives. Quickly crafting new scripts and capabilities on-the-fly during operations to ensure you have the capabilities you need for mission success. Working hand-in-hand with our expert development team to ensure design and development of long-term capabilities to enable your mission success. What Desired Skills You'll Bring: 5+ years Offensive Cyber experience, DoD Cyber Red Team Experience, or corporate Red Team experience. Expertise in antivirus evasion, EDR evasion, and/or penetration testing. Red Team Apprentice Course (RTAC), Red Team Journeyman Course (RTJC), Certified Red Team Operator (CRTO) certification, Rogue Ops- Red Team 1 (ROPS), Offensive Security Certified Professional (OSCP), Global Information Assurance Certification, (GIAC) Exploit Researcher & Advanced Penetration Tester (GXPN), GIAC Penetration Tester (GPEN), and/or GIAC Web Application Penetration Tester (GWAP). What Required Skills You'll Bring: U.S. Citizenship and an active Top Secret SCI security clearance is required for this position. Must pass the DCART Senior Operator Aptitude Test using Cobalt Strike before joining DCART as an Operator. Experience in conducting red team assessments, offensive cyber operations, or penetration testing and be prepared to direct the activities of mid-level operators. Mid-Level Operators: 1 year of experience conducting red team assessments, offensive cyber operations, or penetration testing, with 3+ years desired. Senior Level Operators: 3+ years' experience in conducting red team assessments, offensive cyber operations, or penetration testing and ability to direct the activities of mid-level operators, with 5+ years desired. Must hold an IAT Level III certification as defined and described in DoDD 8570.01, 8570.01-M, 8140.01-03, and as amended. Must be capable of meeting apprentice operator requirements in the DCART Operator Training Program within the prescribed timelines, as outlined in the DCART Handbook. Red Cyber Operators are expected to have experience as operators conducting cyber red team assessments, offensive cyber operations, or significant penetration testing experience. Willingness and ability to travel 15% (CONUS/OCONUS) Security Clearance Requirements: U.S. Citizenship and an active Top Secret SCI security clearance is required for this position. Compensation and Benefits: Competitive Pay, PTO, Health Benefits. If you are a highly motivated Senior Red Cyber Operator and ready to apply your expertise in a high-impact role, we encourage you to join our mission. Oak Grove Technologies is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class. Oak Grove Technologies, LLC participates in E-Verify to determine an individual's identity and employment eligibility to work in the United States. E-Verify is a service of DHS and SSA. PId959408e7a5a-0590
Description: Oak Grove Technologies, LLC, a dynamic and fast-growing federal contractor, is seeking a highly skilled and motivated Senior Red Cyber Operator to support advanced Red Cyber operations through the execution of red team assessments, offensive cyber operations, and penetration testing. Oak Grove Technologies is a Service-Disabled Veteran-Owned Business based in Raleigh, NC, with a Test and Training Center located near Fort Bragg and Camp Mackall. With over 20 years of expertise in training, consulting, technology, and operational support, the company provides services to the military, government, and law enforcement. Committed to excellence, innovation, and national security, Oak Grove Technologies fulfills federal defense contracts and actively supports veterans through sponsorships and events. Driven by its mission-focused approach, the company seeks top talent to develop impactful solutions. Oak Grove Technologies offers a competitive compensation and benefits package. Requirements: What You'll Be Doing: Cyber Red Team Assessments, Penetration Testing, Offensive Cyber Operations. Performing penetration testing / red team operations to help validate the security of our nation's most critical systems. Sharing your expertise and insight to direct the activities of mid-level operators to guide the team in accomplishing their mission objectives. Antivirus evasion, EDR evasion, offensive infrastructure, phishing and social engineering. Leveraging your expertise with tools like Cobalt Strike to discover vulnerabilities and exploit them to achieve mission objectives. Quickly crafting new scripts and capabilities on-the-fly during operations to ensure you have the capabilities you need for mission success. Working hand-in-hand with our expert development team to ensure design and development of long-term capabilities to enable your mission success. What Desired Skills You'll Bring: 5+ years Offensive Cyber experience, DoD Cyber Red Team Experience, or corporate Red Team experience. Expertise in antivirus evasion, EDR evasion, and/or penetration testing. Red Team Apprentice Course (RTAC), Red Team Journeyman Course (RTJC), Certified Red Team Operator (CRTO) certification, Rogue Ops- Red Team 1 (ROPS), Offensive Security Certified Professional (OSCP), Global Information Assurance Certification, (GIAC) Exploit Researcher & Advanced Penetration Tester (GXPN), GIAC Penetration Tester (GPEN), and/or GIAC Web Application Penetration Tester (GWAP). What Required Skills You'll Bring: U.S. Citizenship and an active Top Secret SCI security clearance is required for this position. Must pass the DCART Senior Operator Aptitude Test using Cobalt Strike before joining DCART as an Operator. Experience in conducting red team assessments, offensive cyber operations, or penetration testing and be prepared to direct the activities of mid-level operators. Mid-Level Operators: 1 year of experience conducting red team assessments, offensive cyber operations, or penetration testing, with 3+ years desired. Senior Level Operators: 3+ years' experience in conducting red team assessments, offensive cyber operations, or penetration testing and ability to direct the activities of mid-level operators, with 5+ years desired. Must hold an IAT Level III certification as defined and described in DoDD 8570.01, 8570.01-M, 8140.01-03, and as amended. Must be capable of meeting apprentice operator requirements in the DCART Operator Training Program within the prescribed timelines, as outlined in the DCART Handbook. Red Cyber Operators are expected to have experience as operators conducting cyber red team assessments, offensive cyber operations, or significant penetration testing experience. Willingness and ability to travel 15% (CONUS/OCONUS) Security Clearance Requirements: U.S. Citizenship and an active Top Secret SCI security clearance is required for this position. Compensation and Benefits: Competitive Pay, PTO, Health Benefits. If you are a highly motivated Senior Red Cyber Operator and ready to apply your expertise in a high-impact role, we encourage you to join our mission. Oak Grove Technologies is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class. Oak Grove Technologies, LLC participates in E-Verify to determine an individual's identity and employment eligibility to work in the United States. E-Verify is a service of DHS and SSA. PId959408e7a5a-0590
Mindlance
Dulles, Virginia
Hiring manager is seeking candidates with a pen testing background who knows how to test for OWASP Top 10 web application vulnerabilities and is interested in growing their skills. Responsibilities The Technical Security Analyst position is within client s IT Security group whose mission is to deliver information security solutions and services to protect client information assets, computing infrastructure, applications, and data. The Analyst will work within the vulnerability management team helping to identify and mitigate risks against client. The ideal candidate will have great interest in information security, has hands-on security engineering experience, and be able to come up with creative and unique solutions to security- related problems. The Analyst will perform technical security engineering activities including the following: Perform vulnerability scan, analysis, validation and remediation activities. Perform network and application penetration testing. Validate vulnerabilities discovered through code analysis. Classify and prioritize the risk of new vulnerabilities according to the specifics of client environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats. Engineer application, system and network security solutions to meet security requirements for varied operating environments. Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action. Work with customers to oversee remediation of identified security issues. Perform technical and non-technical compliance activities. Provide security subject matter expertise to client product teams including developers and system administrators. Perform security validation for configuration settings on different systems. Minimum Qualifications Bachelor s degree with a minimum of 1 year of information security work experience. A strong interest in the field of information security. Intermediate scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java). Fluent in a variety of web application protocols, operating systems and networking technologies. Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux, Windows and OSX), patching and attack patterns. Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation among others. Strong analytical, problem solving and engineering skills. Good written and verbal communication skills. Solid organizational skills and strong customer service skills. Experience with parsing / analysis of large data sets (e.g. vulnerability scan results). Desired Qualifications Certified Information Systems Security Professional (CISSP). Certified Ethical Hacker (CEH) Familiarity with Enterprise Vulnerability Management tools such as Rapid 7 Nexpose, Nessus and Qualys. Familiarity with Amazon Web Services (AWS) security.
Hiring manager is seeking candidates with a pen testing background who knows how to test for OWASP Top 10 web application vulnerabilities and is interested in growing their skills. Responsibilities The Technical Security Analyst position is within client s IT Security group whose mission is to deliver information security solutions and services to protect client information assets, computing infrastructure, applications, and data. The Analyst will work within the vulnerability management team helping to identify and mitigate risks against client. The ideal candidate will have great interest in information security, has hands-on security engineering experience, and be able to come up with creative and unique solutions to security- related problems. The Analyst will perform technical security engineering activities including the following: Perform vulnerability scan, analysis, validation and remediation activities. Perform network and application penetration testing. Validate vulnerabilities discovered through code analysis. Classify and prioritize the risk of new vulnerabilities according to the specifics of client environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats. Engineer application, system and network security solutions to meet security requirements for varied operating environments. Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action. Work with customers to oversee remediation of identified security issues. Perform technical and non-technical compliance activities. Provide security subject matter expertise to client product teams including developers and system administrators. Perform security validation for configuration settings on different systems. Minimum Qualifications Bachelor s degree with a minimum of 1 year of information security work experience. A strong interest in the field of information security. Intermediate scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java). Fluent in a variety of web application protocols, operating systems and networking technologies. Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux, Windows and OSX), patching and attack patterns. Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation among others. Strong analytical, problem solving and engineering skills. Good written and verbal communication skills. Solid organizational skills and strong customer service skills. Experience with parsing / analysis of large data sets (e.g. vulnerability scan results). Desired Qualifications Certified Information Systems Security Professional (CISSP). Certified Ethical Hacker (CEH) Familiarity with Enterprise Vulnerability Management tools such as Rapid 7 Nexpose, Nessus and Qualys. Familiarity with Amazon Web Services (AWS) security.
Spark infotech
Salem, Oregon
Job Title: Pen TesterLocation: Salem, OR (Onsite)Duration: Full TimeJob Description Key Responsibilities / Required Skills:Experience in manual penetration testing, particularly in web and mobile applications.Strong understanding of security frameworks likeOWASP Top 10 and NIST Standards.Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, andAppScan.Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, andAcunetix for vulnerability assessments.Practical experience with AWS services(EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.Familiar with Azure cloud security architecture,VNets, and Azure DevOps pipelines.Proficient in Python, Perl, PHP, Java, and Objective Cfor security testing and code reviews.Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.Experience in building and assessing API security frameworksand secure coding practices for web apps.Deep experience in implementing Secure Software Development Life Cycle (S-SDLC)processes, ensuring security across development, testing, and production phases.Active participation in platforms like Hack the Box, Portswigger Academy, or Capture the Flag (CTF)challenges.Passion for discovering new vulnerabilities and security exploits.Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.Familiar with common technology stacks such asLAMP, LEMP, and MEAN, as well as secure coding practices for these environments.Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially inJava, Python, and Objective C.Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues likeXSS, SQLi, CSRF, etc.Provide feedback on application architecture regardingnetwork security, SSL/TLS configurations, and cloud security best practices.Stay updated on emerging security vulnerabilities, developAPI security strategies, and integrate security controls into theCI/CD pipeline. Certifications:Desired certifications include OSCP, OSWA,CEH, or relevant SANS certifications.
Job Title: Pen TesterLocation: Salem, OR (Onsite)Duration: Full TimeJob Description Key Responsibilities / Required Skills:Experience in manual penetration testing, particularly in web and mobile applications.Strong understanding of security frameworks likeOWASP Top 10 and NIST Standards.Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, andAppScan.Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, andAcunetix for vulnerability assessments.Practical experience with AWS services(EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.Familiar with Azure cloud security architecture,VNets, and Azure DevOps pipelines.Proficient in Python, Perl, PHP, Java, and Objective Cfor security testing and code reviews.Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.Experience in building and assessing API security frameworksand secure coding practices for web apps.Deep experience in implementing Secure Software Development Life Cycle (S-SDLC)processes, ensuring security across development, testing, and production phases.Active participation in platforms like Hack the Box, Portswigger Academy, or Capture the Flag (CTF)challenges.Passion for discovering new vulnerabilities and security exploits.Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.Familiar with common technology stacks such asLAMP, LEMP, and MEAN, as well as secure coding practices for these environments.Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially inJava, Python, and Objective C.Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues likeXSS, SQLi, CSRF, etc.Provide feedback on application architecture regardingnetwork security, SSL/TLS configurations, and cloud security best practices.Stay updated on emerging security vulnerabilities, developAPI security strategies, and integrate security controls into theCI/CD pipeline. Certifications:Desired certifications include OSCP, OSWA,CEH, or relevant SANS certifications.