Red Team Penetration Tester

Millennium Corporation • North Charleston, SC, US • 3d ago

Millennium Corporation is hiring a Red Team Penetration Tester to work in North Charleston. The candidate must have an active Secret clearance.

The ideal candidate will:

Provide support by utilizing experience in automation using Powershell, PowerAutomate, Logic Apps, Graph API.
Provide support by utilizing experience conducting Red Team operations in an MDE environment.
Provide support by utilizing experience with AWS, Cloud Audit, Serverless and Microservice Architecture.
Provide support utilizing experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services.
Provide support by performing web application and API penetration testing, and Cloud Security Audits.
Provide support by utilizing experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP).
Mimic attacks of threat actors defined by the Cyber Threat Intelligence (CTI) Team to assess and improve IT system resilience, SOC monitoring effectiveness, and tuning of security tools
Perform ad hoc, focused pen tests to validate the effectiveness of corrective actions taken to address identified weaknesses
Perform Penetration Testing Services for any internal or public websites and associated systems

Qualifications:

Candidate must have an active Secret security clearance.
With an accredited bachelor's degree within a relevant area the candidate must have a minimum of 6 years of experience. With a masters degree, a minimum of 3 years of experience.
Must have a CFR, Cloud+, CySA+, GCED, GICSP or PenTest+ certification.
Must also be able to obtain a Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE) or Offensive Security Wireless Professional (OSWP) certification within 6 months of employment.
Demonstrated experience performing vulnerability assessments with the Assured Compliance Assessment Solution (ACAS) tool.
Demonstrated experience utilizing penetration tools and mimicking threat behavior.
Demonstrated experience with performing STIG assessments to include using SCAP benchmarks.
Shall have demonstrated experience utilizing packet analyzer tools such as Wireshark and tcpdump.