ANGARAI is hiring a
Cyber Tool Developer in United States

Summary

ANGARAI is seeking a Cybersecurity Tool Developer for a client project. The role involves analyzing results from automated assessment tools, using various network cyber assessment tools, manually discovering key application flaws, researching cyber actors' TTPs, developing testing methodology for threat emulation and vulnerability validation, supporting working groups, contributing to Blue Team reporting, understanding Navy networks for compliance, liaising with DOD components concerning web vulnerability scanning, and having at least five years of experience in providing technical subject matter expertise in one or more areas from a list provided.

Requirements

• Must possess a minimum of five (5) years of experience in providing highly technical subject matter expertise and expert guidance to government personnel in the execution of operations and demonstrated experience in at least five of the following areas
• Hands-on experience performing Penetration Tests and Vulnerability Analysis for applications, network infrastructure and operating system infrastructures
• Create or develop scripts that generate findings or reports by ingesting data from data sets taken during assessments and utilizing proven/formal processes, industry standards, and tools to include but not limited to: Perl, Shell, or other scripting/coding languages
• Recommend solutions by defining database's physical structure and functional capabilities, database security, back-up and recovery specifications
• Conduct system or database performance monitoring and tuning
• Conduct training programs for staff on current and newly developed cyber tools
• Work closely with an internal cross-functional team to create and/or customize themes, plugins, and extensions to support vulnerability discovery and reporting
• Designs and implements new Stored Procedures and optimizes existing processing and publishing codes to improve performance and system stability
• Identifying mission area-related concepts and technologies for examining technology, including protocols, languages, clients, and server architectures, from the attacker's perspective
• Developing and supporting development of Navy mission areas-related operational concepts, tactics, and experimental concepts and technologies
• Provide subject matter expertise and guidance utilizing tools and techniques to conduct cyber vulnerability assessments of public facing IP addresses
• Familiarity with National Institute of Standards and Technology (NIST) Special Publications
• Possess a number of technical certifications, or similar, from the following list
• Bachelor's or Master's in Cyber, Computer Science or related Engineering discipline
• Offensive Security Certified Professional (OSCP)
• CompTIA Advanced Security Practitioner (CASP+)
• Linux +
• GIAC Penetration Tester (GPEN)
• Certified Ethical Hacker (CEH) certification
• GCFE - Windows Forensic Analysis
• GCFA - Advanced Digital Forensics, Incident Response, and Threat Hunting
• GNFA - Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
• Have a working level ability with one of the below programing languages :Python, Javascript, SQL
• Familiarity with Navy Information System Architecture

Responsibilities

• Analyze the results from automated assessment tools to validate findings, determine their business impact, and eliminate false positives
• Use commercial and open source network cyber assessment tools (e.g. Core Impact, Nmap, Metasploit, and Nessus)
• Manually discover key application flaws
• Research various cyber actors' TTPs, organizational structures, capabilities, personas, and environments, and integrate findings into Cyber Blue Teaming or penetration test operations
• Develop and utilize testing methodology for threat emulation and vulnerability validation
• Provide support to working groups, planning groups, operational planning teams, conferences, table top exercises, war games and operational experiments
• Contribute findings to Blue Team reporting
• Understand Navy networks for compliance with applicable DOD and Navy instructions and directives
• Liaise with various DOD components concerning web vulnerability scanning and compliance guidelines and issues