Job Description

AT&T Global Public Sector is a trusted provider of secure IP enabled cloud-based network solutions and professional services to the Federal Government. We are dedicated to recruiting developing and empowering a diverse high-performing workforce that is passionate about what they do committed to our shared values and dedicated to our customers missionOur National Security Team supports the intelligence community providing operating and assuring critical voice video and collaboration services for the full spectrum of operations. The services required by this contract will assist OS&CI in providing the NRO a secure mission environment. The contractor shall provide realistic innovative information security solutions to accomplish the requirements in addition to program management. The services obtained under this contract shall provide expertise to support information systems security security control assessments information assurance engineering and security control assessments test engineering.AT&T has an opening for an Security Classification Assessor Test Engineer (SCATE 3) to support the Defense and Nat Security Cyber Security.The job duties of the SCATE 3 are as follows:As a senior member of a Red TeamLead in the design and execution of adversarial based security testing of various targets.Evaluating environments applications systems or processes to discover weaknesses and subsequently leverage those discoveries into actionable real-world attack strategies.Provide leadership and guidance to advance the operational capabilities of the team and its subsequent ability to evaluate risk to the enterpriseDemonstrate an ability to structure a Red Team and optimize it for execution including programmatic improvements to fill in gaps with the existing team.Perform and lead a full scope of Red Team testing; including network penetration web application testing threat analysis wireless network assessments social-engineering testing and IDS/IPS/Antivirus evasion techniques.Utilize knowledge of operating systems networking protocols firewalls databases firmware middleware applications forensic analysis scripting and programming to perform adversarial based security engagements.Develop comprehensive and accurate reports and presentations for both technical and executive audiences.Mentor and lead junior technical operators and clearly translate highly technical information to senior management in a way that supports mission goals.Help define the Red Team strategy to further enhance the organizations security posture.Effectively communicate findings and strategy to client stakeholders including technical staff executive leadership and legal counsel.Provide risk-appropriate and pragmatic recommendations to correct vulnerabilities found.Configure and safely utilize attacker tools tactics and procedures to improve the security posture of mission systems.Develop scripts tools or methodologies to enhance the Red Team processes.Required Clearance:TS/SCI with poly (#ts/sci) (#polygraph)Required Qualifications:EXPERIENCE:Experience in network penetration testing and manipulation of network infrastructure.Experience in shell scripting or automation of simple tasks using Perl Python or Ruby.Experience developing extending or modifying exploits shellcode or exploit tools.Experience with Red Blue or Purple teaming exercises.Working knowledge of exfiltration and lateral movement tradecraft.Working knowledge of OSINT collection/ reconnaissance techniques for target selection.Strong attention to detail with analytical and problem-solving skills.Knowledge of tools used for web application and network security testing such as Kali Linux Metasploit Burp suite Cobalt Strike Bloodhound Powershell Empire Nessus Web Inspect NMAP Nikto Sqlmap etc.EDUCATION:High School/GED/Associates AND 15 Years ExperienceAssociates Degree AND 12 Years ExperienceBachelors Degree AND 8 Years Experience ORMasters Degree AND 5 Years ExperienceCERTIFICATION:Must meet minimum requirements for DoD 8570 IAT Level III to include ONE of the following:CASP+ CECCNP SecurityCISACISSP (or Associate)GCEDGCIHCCSPDesired Qualifications:A degree in a technical field (Computer Science IT Engineering etc).Solid understanding of common hosting environments such as containerization platforms (e.g. Docker and Kubernetes) and virtual machines running under hypervisors.Experience with source code review for control flow and security flaws.An implementation level familiarity with all common classes of modern exploitation such as: XSS XMLi SQLi Deserialization Attacks etc.Thorough understanding of network protocols data on the wire and covert channels.Mastery of Unix/Linux/Mac/Windows operating systems including bash and Powershell.Experience in mobile and/or web application assessments.Experience in email phone or physical social-engineering assessments.Programming skills as well as the ability to read and assess applications written in multiple languages such as JAVA .NET C# or others.Emulate ransomware and advanced persistent threats (APT) in support of Threat Hunt.Industry certifications such as OSCP/OSCE OSWE GPEN GCIH GWAPT or GXPN.Ready to join our team? Apply Today!AT&T will consider for employment qualified applicants in a manner consistent with the requirements of federal state and local lawsWe expect employees to be honest trustworthy and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race color religion national origin gender sexual orientation gender identity age disability marital status citizenship status military status protected veteran status or employment status