Cyber Security Engineer (Red Team)
Role details
Job location
Tech stack
Job description
Supports the United States Navy, Naval Air Warfare Center, Aircraft Division, Cyber Warfare Engineering Services. As a Red Team member, work independently to establish vulnerability research environments, assess the operational impact and understand the root-cause, and design proof-of-concept (PoC) mitigations. Responsibilities include, but are not limited to: Threat intelligence and research synthesis: Research open-source intelligence, web forums, and security advisories to track adversarial tactics, techniques, and procedures. Develop and contribute to internal vulnerability databases to ensure threat signatures and severity metrics are accurate.
- Vulnerability discovery and analysis: Conduct static and dynamic analysis on applications and system components. Perform source code reviews to locate logical flaws, memory corruption vulnerabilities, and cryptographic weaknesses.
- Mitigation and remediation support: Use debugging, disassembling, and binary analysis tools to reverse-engineer compiled binaries. Develop functional, stable PoC exploits to validate the severity and reachability of discovered flaws. Triage crash reports generated by automated testing tools, determine if a vulnerability is exploitable or a denial-of-service (DoS) state. Collaborate with software developers and engineering teams to design and implement robust, long-term patches.
- Technical documentation and reporting: Prepare comprehensive, clear, and actionable technical reports detailing the vulnerability, root cause, impact, and reproduction steps. Translate complex binary and code-level findings into clear risk assessments for stakeholders and system administrators.
- Other duties consistent with the statement of work.
- This is an on-site position but may be eligible for compressed work schedule.
Requirements
- Bachelor's degree from an accredited college or university in Computer Science, Engineering, Software Engineering or related technical discipline
- 5-years of experience working in the area of cyber security vulnerability, or a master's degree and/or advanced certifications in lieu of 5-years of experience
- Qualified in at least one of the DoD Cyber Workforce Framework (DCWF) roles listed at https://www.cool.osd.mil/usn/cswf/indes.htm.?CWFModel, or obtain a DCWF qualification within 60-days of on-boarding
- Experience programming in Python and using GHIDRA, IDA Pro, or other reverse engineering tools
- Strong technical communication skills
- Strong organizational skills, ability to capture, distill, and centralize pertinent information for informed decision making using existing communication tools
- Active Top Secret security clearance and SCI access
Desired Skills
- Knowledge of adversarial threat tactics, techniques, and procedures
- Knowledge of naval aviation acquisition programs
- Knowledge of/experience with aviation platforms
- Certified in Microsoft or Linux operation
Clearance Information
SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT, THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS, A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL Travel Requirements
- less than 10%
Benefits & conditions
life insurance, paid time off, paid holidays, tuition reimbursement, 401(k), SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals with amounts increasing based on role and years of service, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information. EEO
Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment.