Millennium Corporation is hiring a Red Team Penetration Tester to work in North Charleston. The candidate must have an active Secret clearance.
The ideal candidate will:
- Provide support by utilizing experience in automation using Powershell, PowerAutomate, Logic Apps, Graph API.
- Provide support by utilizing experience conducting Red Team operations in an MDE environment.
- Provide support by utilizing experience with AWS, Cloud Audit, Serverless and Microservice Architecture.
- Provide support utilizing experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services.
- Provide support by performing web application and API penetration testing, and Cloud Security Audits.
- Provide support by utilizing experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP).
- Mimic attacks of threat actors defined by the Cyber Threat Intelligence (CTI) Team to assess and improve IT system resilience, SOC monitoring effectiveness, and tuning of security tools
- Perform ad hoc, focused pen tests to validate the effectiveness of corrective actions taken to address identified weaknesses
- Perform Penetration Testing Services for any internal or public websites and associated systems
Qualifications:
- Candidate must have an active Secret security clearance.
- With an accredited bachelor's degree within a relevant area the candidate must have a minimum of 6 years of experience. With a masters degree, a minimum of 3 years of experience.
- Must have a CFR, Cloud+, CySA+, GCED, GICSP or PenTest+ certification.
- Must also be able to obtain a Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE) or Offensive Security Wireless Professional (OSWP) certification within 6 months of employment.
- Demonstrated experience performing vulnerability assessments with the Assured Compliance Assessment Solution (ACAS) tool.
- Demonstrated experience utilizing penetration tools and mimicking threat behavior.
- Demonstrated experience with performing STIG assessments to include using SCAP benchmarks.
- Shall have demonstrated experience utilizing packet analyzer tools such as Wireshark and tcpdump.