​​​​​​​​Employee Type: Full-Time
Location:  Norfolk, VA
Job Type: Senior Cyber Test Engineer
Experience: 5+ Years​

Clearance Type: Secret (TS Eligible)

AERMOR LLC. is seeking qualified candidates with Cyber Test Engineer experience that will be able to work closely with other members of a test team to help produce test plans for the Navy Red Team (NRT).

Responsibilities Include:

• ​Observes and assesses fleet and combatant cyber exercises.
• Develop, maintain and assist in the execution of test plans.
  
• Conduct a Cybersecurity architecture (SUT or SoS) review and document review.
  
• Participate in cross-functional team meetings, scoping, decision making, and technical discussion.
  
• Interface with developers to obtain and clarify documentation.
  
• Review system diagrams, cybersecurity architecture, and other documentation analyze testability of requirements, and identify the attack surface and attack vectors.
  
• Apply analytical and problem-solving skills to determine appropriate testing scenarios in alignment with the mission as well as functional and technical specifications.
  
• Communicate with key stakeholders to ensure their requirements are met.
  
• Work closely with Program Office and development teams to stay current on system functionality.
  
• Review hardware and software capabilities and vulnerabilities as required to support testing.
  
• Conduct Cybersecurity test planning site surveys.
  
• Develop cybersecurity test designs to support Operational Test Directors.
  
• Identify representative exploitations to fully test the cybersecurity of any system under test.
  
• Coordinate with other program elements while conducting security testing.
  

Required Skills and Experience:

• Experience decomposing system diagrams, cybersecurity architecture, and other documentation to determine the potential attack surface and attack vectors.
• Experience with software and/or hardware testing.
  
• Demonstrated ability to organize, prioritize, and self-manage multiple project tasks.
  
• Proficiency with computer hardware and software systems.
  
• Knowledge of Microsoft and Linux operating systems and embedded and Real-Time Operating Systems.
  
• Ability to articulate open issues and risks in a timely manner to management and make recommendations.
  
• Must be a self-starter with the ability to pick up and learn new systems and architectures with little supervision, as well as to adapt to a variety of situations and tasks.
  
• Excellent written and verbal communication skills.
  
• Identify insider and nearside threat opportunities and mitigations as well as physical security controls.
  
• Familiarity with computer security measures.
  
• Experience with test automation.
  
• Experience with Defense Information Systems Agency (DISA) Security Implementation Guides (STIGs) and security controls.
  
• Knowledge of Cyber test tools (e.g. Retina, SCAP, ACAS, Nessus, Metasploit, Burp, Nessus, Kali Linux Tool Suite, Core Impact, Burp Suite, IDA Pro, OllyDbg/WinDbg, Nmap, John the Ripper, Cain, Nikto, and packet analysis tools (Wireshark/TCPDump)).
  
• Familiar with the Risk Management Framework.
  
• Knowledge of domain structures, user authentication, data encryption, access audits, and end-user security best practices.
  
• Knowledge of data at rest and data in motion principles.
  
• Knowledge of network defense systems including but not limited to network and host-based IDS, IPS, firewall, web application firewall, proxy, and SIEM systems.
  
• Understanding of SCADA systems and protocols.
  
• Knowledge of current security tools and industry best practices: tools, techniques, procedures, tactics, attacks, and forensics.
  
• Understanding of storage and databases, including relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
  
• Experience with system administration, networking, Computer Network Attack (CNA), Computer Network Exploitation (CNE), Computer Network Defense (CND), and/or penetration testing.
  
• Understand fundamentals of how to exploit vulnerabilities in tested systems including (but not limited to): system misconfigurations, zero-day vulnerabilities, Denial of Service (DoS) or Distributed Denial of Service (DDoS) vulnerabilities, privilege escalation, unsupported or unpatched software, and phishing attacks.
  

Desired:

• Knowledge of DoD/Navy networks and communications.
• Experience with TCP/IP, VLANs, Cyber vulnerability remediation, and Cyber risk analysis.
  
• Familiarity with the DISA Enterprise Mission Assurance Support Service (eMASS) application as used to develop, manage and track IA artifacts.
  
• Familiarity with Information Assurance Vulnerability Management (IAVM) Plan.
  
• Knowledge of scripting and its uses in Cyber testing.
  
• Experience translating requirements and capabilities into operational test plans.
  
• Knowledge and experience with Virtual Machines.
  
• Knowledge and understanding of system BIOS settings.
  

Education Requirements

• 4 Year Degree in one of the following: Computer Science, Computer/Electrical engineering, Systems Engineering (technical), Aeronautical engineering OR
• ​Minimum 2 years of DoD cybersecurity experience AND Minimum 2 years’ experience in one of the following: Network engineering, Programming (C/C++, python, Bash, etc.), Systems test engineering, Project management, Penetration testing.
  
• ​DoDD 8570 IAM/IAT II certification or ability to obtain.​​

​

Apply Now​

​

For more information contact: careers@aermor.com

Cyber Test Engineer​

AERMOR LLC