Sr. Offensive Security Engineer: SATCOM

A2e Technologies Currently Assisting A Client Seeking:

Title: Senior Offensive Security Engineer

Location: Oceanside, CA

Remote/Onsite: Onsite/Remote 1-2 days per week

Term: F/T Perm

Start Date: ASAP

Required: Active Security Clearance (or within 5 years)

Responsibilities

Threat Intelligence Research:

• Lead the team analyzing cybersecurity attacks including
  • RF against Software Defined Radios
  • trends, and
  • methodologies using unclassified/classified Threat Intelligence.
• This includes working with
  • government/academic/commercial researchers and institutions,
  • operational technology research labs,
  • commercial companies and
  • public and private cybersecurity information sharing groups (e.g., ISACs) to
• Research and investigate in more detail vulnerabilities including zero days and techniques that could impact critical national infrastructure, defense, and Client networks.
• Collaborate with a cross-functional team of the engineering,
  • data science,
  • product management,
  • product marketing, and
  • senior leadership to enhance the client’s detection and response capabilities.

Active and hands-on participation in Red Team Exercises and Penetration Testing:

• Employ simulated adversary threat-based approaches to expose and exploit vulnerabilities and weaknesses to improve the security of both client and customer products and networks.
• Replicate tactics and techniques used by modern attackers, common network exploitation and penetration techniques as well as common software exploitation techniques.
• Develop attack plans to meet the specified objectives and coordinate with other Red Team Operators to achieve these goals.
• Provide constructive feedback to the defenders and product teams on their successes and failures.
• Make automation and security assessment tool development and implementation recommendation that assist with Red Team exercises and Penetration Testing.

Requirements

• Engineering/Technical degree
• Advanced offensive security certifications (i.e., OSCP/OSEP)
• White box testing and exploitation analysis using source code analysis
• Black box testing and exploitation analysis using reverse engineering and protocol fuzzing
• Experience with reverse engineering products and/or software
• Experience with satellite communications systems/terminals
• Experience with Software Defined Radio tools such as GNURadio
• Experience with Operational Technology (OT) assessments
• Demonstrate proficiency in system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting,
• PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Proficiency in PowerShell, Python, C, C#, Go or other to build and extend toolsets
• Experience with network security test tools and scanners ranging from:
  • nmap,
  • Netsparker,
  • Nessus, to
  • Metasploit and
  • Cobalt Strike
• Understanding of networking protocols with a preference for secure ones like:
  • SSH,
  • HTTPS,
  • TLS,
  • IpSec, and others
• Familiarity with Digital Signal Processing and/or RF telecommunications with a preference for experience with
  • SATCOM using GNURadio,
  • MatLab
• Understanding of security vulnerabilities and common software engineering flaws
  • Infrastructure,
  • product, and/or
  • application-level penetration or
  • Red Team testing experience Knowledge of attacker lifecycles and defender strategies
• A Subject Matter Expert for:
  • Red Team/Penetration Testing activities,
  • technologies, and
  • tools
  • Must have the ability to maintain an “Aggressive, Outsider Mindset” to “Think like an Attacker”
  • Experience with Linux/embedded Linux/RTOS

Benefits

• Medical/Dental/Vision Coverage
• Paid Time Off
• Tuition Reimbursement
• 401k (Employer Match)
• Company Stock Program
• Employee Referral Program

• A2e Does NOT Accept Unsolicited Resumes or Referrals from any source other than the candidate, and, as a result, we will not be considering any unsolicited referrals or resumes sent to us as a fee -based candidate submittal.
• Any unsolicited resumes sent to A2e, including unsolicited resumes sent to a A2e mailing address, fax machine or email address, directly to A2e employees, or to A2e’s resume database will be considered A2e property.
• A2e will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
• Agencies are hereby specifically directed NOT to contact A2e employees, A2e’s recruiting team, or other authorized A2e personnel, in an attempt to present candidates.