Red Team Security Engineer

Overview

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity. Our elite team of more than 400 experts has an unparalleled record of performance supporting Red Team Operations, Defensive Cyber Operations, Software Engineering, and Technical Engineering. With the largest contingent of contracted Red Team operators in the DoD, we provide an unmatched level of threat intelligence and battle-tested experience for customers in both the DoD and federal civilian markets.

What We Believe

We believe that diversity is a fact, inclusion is a choice.  At Millennium Corporation, we are inclusive. We celebrate multiple approaches and different points of view. We strongly believe that diversity drives innovation, and we are building a culture where differences are valued. We are always growing our programs and we offer tools to help our employees grow and manage their careers.

Millennium is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. Millennium promotes affirmative action for women, minorities, disabled persons, LGBTQ+ and veterans.

Responsibilities

Millennium Corporation is hiring a Red Team Security Engineer to work in Dam Neck, VA. The candidate must have an active TS/SCI clearance.

• Penetration testing experience to provide support to technical processes and technical management processes in support of comprehensive test and evaluation associated with test support, operational verification of installations and support efforts for Developmental Test and Evaluation (DT&E), Operational Test and Evaluation (OT&E), and Penetration testing (PEN testing).
• Provide support by utilizing experience working with Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation.
• Provide support by utilizing experience in automation using Powershell, PowerAutomate, Logic Apps, Graph API.
• Provide support by utilizing experience working with Microsoft Entra ID and Microsoft 365 in a hybrid environment.
• Provide support by utilizing experience extending or integrating on premises AD with Entra ID.
• Provide support by utilizing experience managing identity and access in Microsoft Entra ID.
• Provide support by utilizing experience conducting Red Team operations in an MDE environment.
• Provide support by utilizing experience with AWS, Cloud Audit, Serverless and Microservice Architecture.
• Provide support utilizing experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
• Provide support by performing web application and API penetration testing, and Cloud Security Audits
• Provide support by utilizing experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
• Providing support by writing proof of concept code to demonstrate the severity of a potential security issues
• Provide support by utilizing working knowledge with scripting languages (e.g. Python, Perl, PHP, Ruby)
• Provide support by utilizing working knowledge with Programming language (e.g. C, Java, Python, JavaScript)

Qualifications

• Candidate must have an active TS/SCI security clearance.
• Minimum of 8 years with BS/BA; Minimum of 6 years with MS; Minimum of 3 years with PhD; Associate degree or higher from an accredited college or university and 5+ years of experience.
• Must have one of the following certifications CFR, Cloud+, CySA+, GCED, GICSP or PenTest+ OR a Bachelor degree or higher from an accredited college or university of Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering. 
• Offensive Security Certified Professional (OSCP) or Offensive Security Certified Expert (OSCE) or Offensive Security Exploitation Expert (OSEE) or Offensive Security Wireless Professional (OSWP) certification required.
• Demonstrated experience performing vulnerability assessments with the Assured Compliance Assessment Solution tool.
• Demonstrated experience with performing STIG assessments toinclude using SCAP benchmarks.
• Shall have demonstrated experience utilizing packet analyzer tools such as Wireshark and tcpdump.

Required: 

• Shall have a minimum of five (5) years of experience in penetration testing and/or offensive Cyber operations.
• Shall have demonstrated experience utilizing penetration tools.
• Shall have demonstrated experience in mimicking threat behavior.

Business Development

Assist with Business Development activities as required to support Millennium's strategic business objectives, which may include but not limited to participation in technical interviews, creation of technical documentation, general proposal writing support and proposal color reviews.

Physical Requirements

• Must be comfortable with prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 10-15 pounds at a time.

Travel Requirements

Up to 25%