Amentum is looking for an Exploitation Analyst that will develop or oversee development of detailed plans that are executed by the OPTEVFOR Red Team.  The Exploitation Analyst will function as a subject matter expert in cyberspace operations and use all available system documentation and intelligence sources to determine system access points and critical components to develop test objectives that are executed by a supporting red team. The Analyst will identify capability gaps and review cyber test requirements for each system under test and research and coordinate with other DoD organizations, academia, private sector and defense Contractors on cyber capabilities and tools to meet the test requirements. 

The clearance requirement for this position is ELIGIBILITY FOR TS/SCI.

Qualifications

• Bachelor’s degree in computer science, cybersecurity, or related technical degree OR minimum 5 years’ experience in DoD defensive or offensive cyberspace operations planning or exploitation analysis
• Proficiency in decomposing complex computer systems/networking configurations in support of system exploitation analysis
• Proficiency in Microsoft Office Applications (MS Visio, Project, Excel, PowerPoint etc.)
• Ability to perform detail-oriented work quality assurance/quality control prior to delivery to the government.
• Excellent written and oral communications skills to support briefing senior leadership (O6/GS-15 or higher)

Roles and Responsibilities

• HQ Tasks:
  • Serve as a OPTEVFOR 01D Exploitation Analyst supporting cyber survivability policy and process oversight to warfare divisions, and becoming proficient in, and following OPTEVFOR cyber-T&E concept of operations, SOPs, policies, and guidance.
  • Support sustainment and updating of OPTEVFOR to conduct and instruct Cyber Survivability Test Planning course.
  • Attend OPTEVFOR required meetings in support of OT&E.
  • Inform 01D Future Operations Officer of any challenges and issues in a timely manner for resolution
  • Maintain and participate in the development of 01D SOPs and OPTEVFOR Cyber test planning documents to include participation in and support of the CCB process.
• Pre-Test Planning
  • Support the Future Operations Officer to determine overall test strategy and level of cyber-OT&E for acquisition programs.
  • Support the Future Operations Officer in reviewing Test and Evaluation Master Plan (TEMP) (or other types of OT&E resourcing documents), Integrated Evaluation Framework (IEF), test plan or other test planning related documents to ensure adequate test strategies are established within OPTEVFOR policies and guidelines to include adjudication of related comments from stakeholders.
  • Support program specific T&E Integrated Product Team (IPT), cyber table tops and other internal or external events as assigned and non-program specific T&E IPTs, technical exchange meetings, and other briefs and meetings as required.
• Test Planning
  • Develop cyber survivability test plans following OPTEVFOR Cyber OT&E procedures and templates and with minimal administrative errors.
  • Coordinate with the warfare divisions and red team operators to ensure defined test objectives are comprehensive and executable, data collection requirements are adequately defined, cyber test capabilities are identified, resourced, and integrated prior to the test plan being signed.
  • Attend test planning visits in support of cyber-OT&E planning.
• Lead preparation of test execution, including
  • Participate in site pre-test coordination visits. Provide an in brief to the test site.
  • Conduct Pre-Execution Brief to 01D leadership.
  • Prepare library of data needed for test and arrange for its arrival at the test site.
  • Ensure all deconfliction requirements are met prior to test execution in accordance with JFHQ DoDIN and Navy Cyber Defense Operations Command guidance
• Lead execution of cyber-OT&E related test events as assigned, supporting cooperative vulnerability penetration assessments and adversarial assessments in accordance with DoD guidance and OPTEVFOR Cyber OT&E policies, guidance and procedures.
  • Coordinate with the OTD, site personnel, program office SMEs, and supporting red teams.
  • Ensure test are conducted safely and OPTEVFOR policies are adhered to.
  • Follow JFHQ-DODIN deconfliction procedures
  • Verify collected data for accuracy and completeness.
  • Conduct daily hotwashes during test and submit a daily summary report to the OTD and 01D leadership.
  • Ensure all test objectives are completed
• Post-Test
  • Support the Future Operations Officer during the post-test process to ensure traceability between test objectives, collected data, and post-test deliverables.
  • Coordinate with the OTD to set up post-test meetings.
  • Participate in post-test processes including data upload, scoring board, 01D Review Board, CEWG, SERB, and E-SERB.
  • Lead generation of final report products to ensure the information is technically accurate following OPTEVFOR Cyber OT&E procedures and templates and with minimal administrative errors. This includes, drafting of the Data Analysis Summary and Results Enclosure, and reviewing Blue/Gold Sheets drafted by Red Team Operators.

KSAT's

• Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Ns, data storage).
• Ability to create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
• Ability to collaborate effectively with others.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
• Ability to identify/describe target vulnerability.
• Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).
• Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
• Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).
• Knowledge of common networking devices and their configurations.
• Knowledge of concepts for operating systems (e.g., Linux, Unix).
• Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
• Knowledge of how hubs, switches, routers work together in the design of a network.
• Knowledge of how internet applications work (Simple Mail Transfer Protocol (SMTP) email, web-based email, chat clients, voice over IP).
• Knowledge of Internet and routing protocols.
• Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
• Knowledge of the basic structure, architecture, and design of modern communication networks.
• Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).
• Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
• Perform analysis for SUT infrastructure exploitation activities.
• Collaborate with other internal and external partner organizations on target access and operational issues.
• Conduct analysis of physical and logical digital technologies (e.g., wireless, supervisory control and data acquisition, telecom) to identify likely avenues of access.
• Lead or enable exploitation operations in support of organization objectives and target requirements.
• Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their likely implications.
• Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
• Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
• Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
• Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
• Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
• Knowledge of common reporting databases and tools.
• Knowledge of all relevant reporting and dissemination procedures.
• Knowledge of strategies and tools for target research.
• Knowledge of organizational and partner policies, tools, capabilities, and procedures.
• Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives.
• Skill in creating plans in support of remote operations.
• Skill in generating test plans in support of mission requirements.
• Skill in analyzing network device configurations.
• Skill in assessing system under test security posture.
• Skill in documenting the execution and results in conducting a cyber-OT&E event.
• Ability to incorporate OPTEVFOR Red Team infrastructure and capabilities into OT&E test objective development.
• Knowledge of the basic structure, architecture, design, and vulnerabilities of communications systems.
• Knowledge of virtualized and cloud-based systems

Preferred Requirements

Security Clearance

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed,  marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters.