• Independently manage penetration tests from inception through delivery to include:
• Scoping assessments and establishing rules of engagement
• Designing penetration tests for systems and applications using established assessment frameworks; account for common and unique application and system considerations
• Sourcing and leveraging information such as source code, architecture diagrams, etc. to enhance assessment coverage
• Coordinating & scheduling testing with engineering teams across the enterprise
• Effectively managing relationships and communicating with engineering teams before, during, and after testing
• Acting as subject matter expert with engineering teams when communicating results, preventative measures, remediation steps, and other security related information
• Acting as a technical lead for multi-resource engagements
• Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks
• Leverage complex tactics including, but not limited to, lateral movement, network tunneling/pivoting, credential compromise, and hash cracking
• Lead red team exercises with a focus on stealth, long campaigns, social engineering, and realistic threats
• Enhance testing by identifying novel attack patterns against NFCU systems and applications based on real-world data
• Perform attacks consistent with common threats (e.g. OWASP top 10) as well as uncommonly observed attacks specific to certain technologies and frameworks
• Research and develop exploits for local and remote targets
• Craft proofs of concept as well as deployable exploits for both public and novel vulnerabilities
• Create and automate custom fuzzing leveraging techniques relevant to NFCU technologies
• Develop custom scripts (Nuclei, Python, etc) to check for security requirements specific to individual applications
• Communicate complex technical risks concisely to non-technical and executive audiences
• Effectively employ OpSec best practices to minimize distribution of vulnerability data
• Mentor and support more junior staff across the security organization
• Perform other duties as assigned

Required Qualifications:

• Bachelor's Degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience
• Advanced hands on experience in the field of cybersecurity and/or application security, with hands-on penetration testing or red teaming as the primary/exclusive role
• Advanced knowledge of MITRE ATT&CK and/or CAPEC Frameworks
• Experience testing against Active Directory environments
• Experience testing against both Linux based and Windows based systems
• Experience developing custom malware and evading EDR solutions
• Experience coding in languages and on frameworks such as: Python, JavaScript, Bash, PowerShell, Java, C#, C++, Springboot, React, NodeJS
• Advanced networking knowledge spanning: IPv4/6, DNS, TCP/UDP, TLS/SSL, SSH, HTTP, SOCKS
• Advanced knowledge of modern cryptographic hashing & encryption methods and best practices
• Advanced organizational, planning and time management skills
• Advanced communication, presentation, and analytical skills

Preferred Qualifications:

• Advanced degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience
• At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications ("Registered" and "Certified" levels such as CRT or CCSAS)
• Experience writing enterprise applications or performing techniques such as source code review, pair programming, etc.
• Experience leading testing engagements end to end.
• Advanced knowledge of Navy Federal's functions, philosophy, operations and organizational objectives

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131 | Remote