Cybersecurity Subject Matter Expert – Pen-Testing – Red Team – Purple Team

Cybersecurity Subject Matter Expert – Pen-Testing – Red Team – Purple Team

Requirements

• An ACTIVE and MAINTAINED TOP SECRET DoD security clearance
• Bachelor’s degree from an accredited university or college in Computer Science, Information Security, Cybersecurity or a related field AND FIVE (5+) plus years of post-graduation work experience in cybersecurity, with a focus on penetration testing, red teaming, and purple teaming; Or Master’s degree from an accredited university or college in Computer Science, Information Security, Cybersecurity or a related field AND THREE (3+) plus years of post-graduation work experience in cybersecurity, with a focus on penetration testing, red teaming, and purple teaming
• Relevant certifications such as OSCP, CEH, CISSP, or similar
• Strong knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001)
• Proficiency with penetration testing tools (e.g., Metasploit, Burp Suite, Nmap) and red team tools (e.g., Cobalt Strike, Empire)
• Excellent problem-solving skills and the ability to think like an attacker
• Strong communication and presentation skills, with the ability to convey complex technical concepts to non-technical stakeholders
• Ability to work independently and as part of a team in a fast-paced environment
• Ability to travel as required
• Currently reside in the contiguous United States
• This is a Hybrid role that requires the ability to work onsite in a core Guidehouse Office or Client Office location.

Responsibilities

• Conduct thorough penetration tests on networks, applications, and systems to identify security weaknesses.
• Develop and execute test plans, document findings, and provide actionable recommendations for remediation.
• Utilize various tools and techniques to simulate real-world attacks and assess the effectiveness of security measures.
• Plan and execute red team exercises to simulate advanced persistent threats (APTs) and other sophisticated attack scenarios.
• Collaborate with blue team members to test and improve detection and response capabilities.
• Document and present findings to stakeholders, highlighting potential risks and mitigation strategies.
• Work closely with both red and blue teams to facilitate purple team exercises aimed at improving overall security posture.
• Share insights and knowledge to enhance the effectiveness of defensive measures and incident response plans.
• Foster a culture of continuous improvement and knowledge sharing within the cybersecurity team.
• Perform regular security assessments and audits to ensure compliance with industry standards and best practices.
• Identify and prioritize security risks, and work with relevant teams to implement corrective actions.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.

Preferred Qualifications

• An ACTIVE and MAINTAINED Department of Energy (DOE) Q-Sensitive security clearance
• Preference will be given to candidates within 60 miles of a core Guidehouse office or Client Office location
• Experience with threat hunting and threat intelligence
• Knowledge of scripting languages (e.g., Python, PowerShell) for automation and tool development
• Familiarity with cloud security (e.g., AWS, Azure) and container security (e.g., Docker, Kubernetes)