Penetration Tester

Job Location: Huachuca, AZ - USA

Monthly Salary: $ 66000 - 106000

Vacancies: 1
Job Description

Responsibilities

Secure Division Support. The GCC provides CSSP responsibilities and conducts DODIN Operations and DCO Internal Defensive Measures (IDM) to protect the DODIN IAW DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities are broken into five (5) CSSP functions: Identify, Protect, Detect, Respond, and Recover. The GCC is responsible for conducting these functions for its assigned portion of the DODIN for both unclassified and classified networks/systems. The division provides support services for the protection, monitoring, analysis, detection, and response to unauthorized activity within DoD Information Systems and Networks. DCO-IDM services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet and SIPRNet. The division provides defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction. The division provides sensor management and event analysis and response for network and host-based events. For sensor management, the division manages inline Network Intrusion Protection System/Network Intrusion Detection System (NIPS/NIDS) sensors monitoring all CONUS DoDIN-A NIPRNet and SIPRNet Enterprise traffic to detect sensor outages and activities that attempt to compromise the confidentiality, integrity, or availability of the network. In coordination with GCC Operations, DCO initiates defensive security procedures upon detection of these attacks. Event analysis and response includes the processes involved in reducing multiple cyber incidents to actual malicious threat determinations and mitigating those threats IAW guidance received from GCC Government leadership. Support the Government in providing CSSP services on both the NIPRNet and SIPRNet IAW Appendix E: Secure Division Workload Assessment, in support of the CONUS portion of the DoDIN-A.
Develop reports and products, both current and long-term, in support of CSSP and course of action development. Prepare Tactics, Techniques, and Procedures (TTP), SOPs, Executive Summaries (EXSUMs), trip reports, and information/point papers. Contribute to the preparation of agreements, policy, and guidance documentation such as Memorandums of Understanding/Agreement (MOU/A) and Service Level Agreements (SLA).
Defensive Cyber Assessment (DCA) Support. The DCA Branch within the CSSPD is responsible for conducting both local and remote penetration testing designed to emulate current threat models to the Army network in order to assess the defensive security posture. Evaluate new penetration testing TTPs (new tool usage or adversary TTPs) for acceptance, as required, for inclusion on the approved penetration tools list. Maintain documentation and how-to-use guides for all vetted penetration testing (PT) tools.
CDAP Support. CDAP missions are conducted IAW AR 380-53, Communications Security Monitoring. The CDAP consists of three (3) mission areas: NAVs, NDAs, and Persistent Penetration Testing (PPT).
NAV Support. Support the Government in assessing a BPCS and/or an organization's security enclave by means of trends and analysis to prioritize NAVs. Conduct one (1) NAV per month (on average) IAW established BBP regulations, policies, and procedures, and as requested. NAVs require travel to a remote site to execute on-site penetration testing over a one (1) week period or longer, depending on the requirements of the mission. Per AR 380-53, a NAV consists of four (4) phases:
Phase 1: Provide/authorization (conducted from home station). Assist in providing authorization and information about the target IS network to establish the operating and mission parameters, or Rules of Engagement (ROE). Execute coordination between the CDAP team and the requesting unit to identify requirements for the NAV. The CDAP team will provide a pre-brief to the unit commander and support staff on the details of each phase, expected outcomes, schedule, and limitations. Provide three (3) recommended dates based on the requesting unit's proposed dates, which are in turn based on operations. Identify potential team members to participate in the NAV mission.
Phase 2: Network survey (conducted from home station). Obtain information regarding the design and implementation of the target network and discover (scan for) information about devices on the network and its possible weaknesses. Compare differences between design and implementation and then evaluate the network's susceptibility to intrusion/exploitation. Retrieve results from a recent vulnerability assessment scan of the site and analyze this data to identify potential targets (systems and/or vulnerabilities) prior to arriving on site. Develop an in-brief to be provided to the requesting unit upon arrival, covering what will be executed during the mission and validating the rules of engagement agreed upon. CDAP team members shall also prepare mission equipment and shipping containers and coordinate with logistics personnel to secure the shipping of equipment to the remote site.
Phase 3: Network penetration testing (conducted from both home station and the remote site). This phase examines the degree and depth of information compromise obtainable by potential intruders; evaluates the ability of the targeted network to detect the presence of an intruder; and acts as a threat actor attempting to circumvent the targeted network's defenses by several means. Utilize approved tools to execute penetration testing of the remote site using established TTPs. Penetration testing will be conducted against systems and/or devices identified within the mission planning documentation and the ROE. There may be reason to execute phishing campaigns in conjunction with the penetration testing to gain a foothold into the network. Develop and present a final out-brief upon completion of the mission to discuss the findings of the mission, trends observed, and any recommendations/mitigation actions which need to be executed. Secure all equipment and coordinate with shipping personnel to ensure equipment returns to home station.
Phase 4: Final Report (conducted from home station). Provide the requesting unit or activity an executive summary outlining impacts and recommendations for securing the target network, including detailed information on impacts, risk assessments, and recommended fixes to secure the target network or subnet. Any findings that indicate the current presence of an adversary must be reported to GCC Government leadership immediately, with a formal write-up within two (2) hours. Document and report any findings that could lead to a potential Category (CAT) I/CAT II IAW CJCSM 6510.01B and a Cyber Operations Readiness Assessment (CORA). Provide the final report within 30 days of the completion of the NAV, as identified in Table 1: Deliverables. Due to the sensitive dissemination control of this report, its information is managed by the GCC.
NDA Support. Although Theater Cyber Protection Teams (CPTs) execute most NDA missions, the Contractor shall support the Government in the of an NDA event. In support of NDA .
  • Validate suspected compromises and identify the depth of intrusions to gain knowledge for use in mitigation, recovery, and future prevention of possible compromises.
  • Use the results of each (ongoing) assessment to determine the best method of mitigation and/or continued monitoring.
  • Report findings which indicate the current presence of an adversary to Government leadership immediately, with a formal write-up within two (2) hours.
  • Document and report any findings that could lead to a potential CAT I/CAT II IAW CJCSM 6510.01B and a CORA.
  • Provide verbal updates to the Government lead every two (2) hours covering progress, immediate findings, and/or issues.
  • Provide a formal report to the network/systems owner or the AO and the Information Systems Security Manager (ISSM) within five (5) business days of the completion of the NDA, as identified in Table 1: Deliverables. The assessment shall consist of: gathering host logs from compromised system(s); conducting on-site scans with an anomaly detection tool to determine the width of the cyber incident AO; cyber incident handling on-site for newly identified compromised systems; assisting on-site administrators with securing affected network(s); assisting cleanup; providing daily updates on situational awareness to leadership/pertinent agencies; preparing the final NDA report; publishing and maintaining NDA TTPs; and coordinating NDA efforts with ARCYBER and affected organizations.
PPT Support (conducted from home station). Support the Government in the of approximately two (2) PPT missions per month (historically), or as required, on all supported networks to identify potential weaknesses and network deficiencies by circumventing the defensive posture to gain access onto the network. PPT missions include high-risk web vulnerability assessments, non-/limited-notice penetration testing of assets, phishing assessments/campaigns, and other activity designed to identify vulnerabilities on the CONUS networks. PPTs also include open-source research of vulnerabilities, exploits, and other related activity. Prepare and provide a final report detailing the activity executed, vulnerabilities and/or weaknesses identified during the assessment, and recommended mitigation actions to improve the defensive posture of the targeted network IAW Table 1: Deliverables. Execute high-risk web assessments, non-notice penetration testing of assets, on-demand testing of network devices, and other activity required to assess the defensive posture of the targeted network. Utilize approved CDAP tools to execute these assessments and to emulate threat actors and their TTPs in gaining a foothold into the Army networks. Review internally developed threat documents (by GCC); externally released products by higher headquarters, to include portals, tippers, tasking orders, etc.; and commercial vendor sites identifying new vulnerabilities or exploits in the wild to identify targets for PPT missions. These missions result in recommendations of mitigation actions required to resolve these weaknesses and/or deficiencies.
PPTs shall also include of phishing assessments/campaigns with CONUS Theater stakeholders and their subordinate commands. Execute a phishing assessment designed to reinforce phishing awareness by emulating APT actions used by nation-state or other adversaries to gather information or gain a foothold in the Army networks. Phishing exercises both user awareness and unit/organization incident response plans for this type of threat. Utilize authorized CDAP tools to develop phishing scenarios, malicious/non-malicious payloads for the purpose of gaining access to the remote system, and email content to lure users to click on the phishing URLs or payloads. Ensure the tools used collect the information needed to produce reports based on user metadata identifying who clicked on the phishing URL or payload, the category of user (i.e., Department of Army Civilian, military, or Contractor), and appropriate screenshots to demonstrate successful access to remote systems. Conduct both scheduled and limited-notice phishing campaigns as required. Phishing campaigns are normally conducted from home station; however, in some cases they may be executed at a remote site during a NAV.

Qualifications

  • 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
  • Certifications: DCWF code 541 Intermediate: CompTIA Cloud+ or CompTIA PenTest+ or CompTIA Security+ or GIAC Certified Enterprise Defender (GCED) or GIAC Global Industrial Cyber Security Professional (GICSP)
  • Top Secret w/SCI security clearance
  • Experience in drafting written reports
  • Extensive experience in reviewing and examining data and information that supports cybersecurity assessments
  • Experience in pen testing fundamentals

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and non-traditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton to learn how we're keeping people around the world safe and secure.

Employment Type

Full-Time
