Don't miss updates, tips, webinars!Subscribe now
Milivate
Department of Homeland Security (DHS) - Cybersecurity and Infrastructure Security Agency (CISA) logo
Department of Homeland Security (DHS) - Cybersecurity and Infrastructure Security Agency (CISA)
Save job
Save job

Red Team Penetration Testing Specialist - CISA Pilot Program with Dept of Treasury

SkillBridge
NA
151 - 180 days
Posted 19 days ago

Multiple vacancies for this announcement. YOU DO NOT HAVE TO BE NEAR ARLINGTON, VA, PARTICIPANT WILL BE ASSIGNED TO NEAREST DEPARTMENT OF TREASURY OR DHS FACILITY! We are seeking an experienced Penetration Testing Specialist to conduct adversary emulation and exploit development activities across high value systems as part of an interagency pilot program with the Department of Treasury. You will design test plans, execute network, application, cloud, and social engineering campaigns, and deliver actionable reports that improve Treasury’s security posture and accelerate Authority to Operate (ATO) timelines.

ABOUT THE JOB

Multiple vacancies for this announcement. YOU DO NOT HAVE TO BE NEAR ARLINGTON, VA, PARTICIPANT WILL BE ASSIGNED TO NEAREST DEPARTMENT OF TREASURY OR DHS FACILITY! Plan and scope tests in alignment with NIST 800 115, RMF, and FedRAMP guidance; coordinate Rules of Engagement and deconfliction with stakeholders. Execute penetration tests and red team operations against web, API, mobile, platform (Linux, Windows, Nutanix) and cloud workloads (AWS, Azure, GCP), leveraging tools such as Kali Linux, Burp Suite, Cobalt Strike, Metasploit, and custom scripts. Develop custom exploits and proof of concept payloads to demonstrate control weaknesses and potential business impact. Generate concise, prioritized reports that map findings to NIST 800 53 controls and MITRE ATT&CK techniques; brief technical teams and stakeholders on remediation. Collaborate with detection engineers to replay attack chains, fine tune SIEM/SOAR alerts in Splunk, and validate blue team coverage. Create and contribute to continuous-security validation pipelines, automating security checks, scans, attack simulations to include CI/CD workflows, IaC, and PaC.

RESPONSIBILITIES

  • Plan and scope tests in alignment with NIST 800 115, RMF, and FedRAMP guidance; coordinate Rules of Engagement and deconfliction with stakeholders.
  • Execute penetration tests and red team operations against web, API, mobile, platform (Linux, Windows, Nutanix) and cloud workloads (AWS, Azure, GCP), leveraging tools such as Kali Linux, Burp Suite, Cobalt Strike, Metasploit, and custom scripts.
  • Develop custom exploits and proof of concept payloads to demonstrate control weaknesses and potential business impact.
  • Generate concise, prioritized reports that map findings to NIST 800 53 controls and MITRE ATT&CK techniques; brief technical teams and stakeholders on remediation.
  • Collaborate with detection engineers to replay attack chains, fine tune SIEM/SOAR alerts in Splunk, and validate blue team coverage.
  • Create and contribute to continuous-security validation pipelines, automating security checks, scans, attack simulations to include CI/CD workflows, IaC, and PaC.

QUALIFICATIONS

  • 4+ years of professional penetration testing or red teaming experience in large or federal environments
  • One or more certifications: OSCP, GPEN, GXPN, GWAPT, CRTO, or equivalent practical assessment
  • Proficiency in scripting (Python, PowerShell, Bash) for exploit automation and tool development
  • Demonstrated expertise with common offensive security frameworks (Cobalt Strike, Caldera, Sliver) and cloud focused attack methodologies
  • Strong written and verbal skills to translate complex technical findings into executive level risk statements; advise and recommend risk management and architectural changes based on security finds

ADDITIONAL ELIGIBILITY

Multiple vacancies for this announcement. YOU DO NOT HAVE TO BE NEAR ARLINGTON, VA, PARTICIPANT WILL BE ASSIGNED TO NEAREST DEPARTMENT OF TREASURY OR DHS FACILITY! Desired qualifications are (a) 4+ years of professional penetration testing or red teaming experience in large or federal environments, (b) One or more certifications: OSCP, GPEN, GXPN, GWAPT, CRTO, or equivalent practical assessment, (c) Proficiency in scripting (Python, PowerShell, Bash) for exploit automation and tool development, (d) Demonstrated expertise with common offensive security frameworks (Cobalt Strike, Caldera, Sliver) and cloud focused attack methodologies, (e) Strong written and verbal skills to translate complex technical findings into executive level risk statements; advise and recommend risk management and architectural changes based on security finds.

TARGET MOCS

17C, 1B4, 0689, CTN, CMS

OTHER

Multiple vacancies for this announcement. YOU DO NOT HAVE TO BE NEAR ARLINGTON, VA, PARTICIPANT WILL BE ASSIGNED TO NEAREST DEPARTMENT OF TREASURY OR DHS FACILITY! TO APPLY: Tailor a resume outlining the Jobs Description and Other Eligibility Factors. Title the email "Red Team Skillbridge Opportunity." Address the email to anthony.travieso@mail.cisa.dhs.gov. Include your separation date and availability dates (start/finish) in the body of the email.

POINT OF CONTACT

Sean Mclaughlin

COMPANY REVIEWS

No reviews yet. Be the first to review this organization!
Penetration Testing
Red Team
Cybersecurity
Veterans
Military Skillbridge Opportunity
NIST 800
MITRE ATT&CK

Similar Jobs