Penetration Test Jobs (NOW HIRING)

Overview Avionics Penetration Tester - Mid-Level - TGEE LOCATION: Edwards AFB, CA Salary Range: Estimated $120,000.00 USD - $140,000.00 USD annually JOB STATUS: Full-time CLEARANCE: Secret CERTIFICATION: See Below TRAVEL: 20% Astrion has an exciting opportunity for an SE-3 Cybersecurity Penetration Tester for the TMAS 2 96 CTG Task Order, supporting the 48 CTS / TGEE. The 48th CTS/Det 1 conducts Cyber Security Test & Evaluation of Embedded Avionics & Weapons Systems for multiple platforms within the Air Force. REQUIRED QUALIFICATIONS / SKILLS Core qualifications * Technical BS Degree and 3-10 years of applicable experience. Additional experience may be substituted for education. * Active Secret clearance is required and must be able to obtain/maintain a Top Secret clearance. U.S. Citizenship is required. * Must have or be able to obtain DOD 8140 qualifications at the start of employment and maintain qualifications throughout employment. * Prior understanding of aircraft avionics navigation, communication, and datalinks is desired (GPS, ACARS, Mode-S, Link-16, and etc.) * Proficiency in analyzing and/or manipulating avionics communication protocols, such as ARINC 429, MIL-STD-1553. * Military aircraft operations, maintenance, test or acquisition experience is desired. * Prior knowledge and applicable experience using various RF testing tools such as HackRF, SDR's, spectrum analyzers, and Wireshark. * Knowledge of common vulnerabilities and attack vectors in aviation systems, including but not limited to buffer overflows, injection attacks, and protocol manipulation. * Understanding of aircraft network architectures, including intra-aircraft networks and inter-aircraft networks (e.g., Air Traffic Management Data Link, Aircraft Communications Addressing and Reporting System). * Understanding of cryptographic principles and their application in aviation security, including key management, encryption algorithms, and digital signatures. Or * Familiarity with industry-standard frameworks and methodologies for conducting penetration tests, such as OWASP Testing Guide and NIST SP 800-115 * Knowledge of endpoint security technologies and techniques, such as antivirus, host-based intrusion detection/prevention systems (HIDS/HIPS), and privilege escalation exploits. * Experience in identifying and exploiting security vulnerabilities in web applications, including injection flaws, cross-site scripting (XSS), and insecure direct object references (IDOR). * Familiarity with common networking protocols and technologies, such as TCP/IP, DNS, DHCP, VLANs, VPNs, and SSL/TLS. * Proficiency in conducting vulnerability assessments and penetration tests on network infrastructure, including routers, switches, firewalls, and servers. * Ability to effectively communicate technical findings and recommendations to both technical and non-technical stakeholders through detailed reports and presentations. * Prior experience with the use of enterprise penetration test tools. (nmap, Nessus, BurpSuite, Hydra, Metasploit, BloodHound.) * Continuous learning and staying updated with the latest security trends, vulnerabilities, and attack techniques through self-study, training, and participation in industry conferences and events. * Experience with python, bash, and PowerShell scripts * Capable of rewriting preexisting scripts, tools, or exploits to work on target systems. * Conduct penetration tests on Active Directory environments, leveraging tools like BloodHound and PowerView for reconnaissance and enumeration, to identify vulnerabilities and attack paths. * Execute advanced attack techniques, including pass-the-hash and golden ticket attacks, to assess the effectiveness of Active Directory security controls and simulate real-world threat scenarios. * Provide actionable recommendations and remediation strategies to improve the security posture of Active Directory infrastructures, emphasizing best practices such as least privilege principles and strong password policies. * Demonstrate the ability to complete a CTF if requested DESIRED QUALIFICATIONS / SKILLS * Bachelor's Degree in either Engineering or Cybersecurity related Discipline desired. * Active TS/SCI preferred. * OSCP, CPTS, PNPT certifications desired. * Prior understanding of aircraft avionics navigation, communication, and datalinks is desired (GPS, ACARS, Mode-S, Link-16, and etc.) RESPONSIBILITIES * Execute test projects and program objectives with various DoD and federal agency customers
* Review technical documentation related to Avionics Embedded Systems and RF datalinks and identify potential design shortfalls that might result in a cybersecurity weakness
* Develop test corpus and test plans to validate the presence of weaknesses
* Analysis data from test events and present this data in a coherent and accurate manner for the customer
* Work with operational testers and pilots to identify vulnerabilities which might affect the cyber resiliency of the platform for a given mission
* Assist with developing cyber contested environments to demonstrate the resiliency of the platform under test
#LI-AD1 #CJ