IT Specialist (InfoSec) - Red Cyber Operator

Fort Belvoir, Virginia
Nov 28, 2022
Dec 06, 2022
Full Time

This position is being filled under the DoD Modified Direct Hire Authority, per 5 U.S.C. § 9905, 10/15/2021

As a IT Specialist (InfoSec) - Red Cyber Operator at the GS-2210-13 some of your typical work assignments may include:
  • The position is located in the Cyber Red Team element of the DoD Red Team Division (MAR), Mission Assurance Department (NE-MA), Nuclear Enterprise Directorate (NE), Defense Threat Reduction Agency (DTRA).
  • The incumbent serves as a Red Cyber Operator, utilizing offensive computer network expertise to emulate a potential adversary's cyber reconnaissance and exploitation techniques and attack capabilities against a targeted mission, system, network, component, or capability on behalf of senior DoD stakeholders.
  • The incumbent executes computer network operations against official U.S. government organizations worldwide for the purpose of strengthening information system security, identifying potential intrusions and vulnerabilities, and recommending mitigation strategies and techniques to secure networks, and assist customer efforts to identify, analyze and develop defensive measures to thwart advanced, state-sponsored intrusions of DoD and Federal Government networks.
  • This is a technical, hands-on role requiring the incumbent to plan and execute cyber red team operations, serve as a cyber red team operations lead for assigned operations, and provide cyber red team technical subject matter expertise. The incumbent performs on-net red cyber operations including network reconnaissance, vulnerability analyses, and exploitation of computer components and architectures of systems and networks to identify exploitable conditions within a network.
  • The incumbent serves as the cyber red team operations lead for assigned operations as well as a hands-on technical operator during operations. The incumbent develops the technical approach and oversees execution for assigned cyber red team operations. The incumbent provides guidance to other red cyber operators supporting the planning, execution, and post-assessment analysis of assigned cyber red team operations. The incumbent maintains operational, technical and authoritative situational awareness during exploitation and while performing assigned red cyber operations. The incumbent interfaces with the customer and provides an outbrief at the end of assigned operations. The incumbent maintains a significant technical on-net role both in operations they lead and operations they support.
  • The incumbent researches the TTPs of nation-state adversary groups and produce concepts of operation that enable emulation of adversarial cyber capabilities. The incumbent collaborates with analysts, assessors, and other red cyber operators to develop realistic, sophisticated adversarial attack vectors.
  • The incumbent helps to shape the team training program and is able to partake in a significant number of training opportunities when they are not performing their cyber red team operations lead role. The incumbent participates in red team and cyber security conferences, industry events, and courses in order to build red cyber operator skill competencies.


Conditions of Employment

  • Must be a U.S. Citizen
  • Occasional Travel
  • Work Schedule: Full-time
  • Males born after 12-31-59 must be registered for Selective Service
  • Suitable for Federal employment, determined by a background investigation
  • May be required to successfully complete a probationary period
  • Overtime: Occasionally
  • Tour of Duty: Set Schedule
  • Recruitment Incentives: Authorized, see link:
  • Fair Labor Standards Act (FLSA): Exempt
  • Financial Disclosure: Not Required
  • Telework Eligibility: This position is telework eligible
  • COVID19: Please see, additional information.
  • Must be able to obtain/maintain a TS/SCI security clearance.
  • This is a designated drug testing position.
  • Of note, this position will be open for 90 days with certificates of qualified candidates pulled and furnished to the hiring manager every 30 days, or until all positions are filled. We encourage you to apply early within the posting period.


You may qualify at the GS 13, if you fulfill the following qualifications:

One year of specialized experience equivalent to the GS-12 grade level in the Federal service as listed below:
  • Extensive experience in providing leadership and cyber security/testing/operations
  • Strong knowledge of Computer Network Operations/Exploitation/Defense support in cyber operations, Mission Assurance, Red Teaming, and/or Vulnerability Assessments. Experience with red teaming, penetration testing, on-keyboard cyber threat hunting, or on-keyboard purple or blue teaming are preferred.
  • Some experience conducting cyber threat emulation, cyber threat hunting, offensive penetration testing, cyber security threat detection, malware analysis, cyber forensics, red team operations, vulnerability assessments, malicious user testing, and/or cyber threat analysis
  • Excellent written and oral communication skills and capable of performing simultaneous actions.
  • Some experience making risk-informed decisions in a complex, dynamic environment and briefing those decisions to leadership.
  • Currently hold advanced cyber security certifications.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.


Substitution of education may not be used in lieu of specialized experience for this grade level.

Additional information

COVID19 - To ensure compliance with an applicable preliminary nationwide injunction, which may be supplemented, modified, or vacated, depending on the course of ongoing litigation, the Federal Government will take no action to implement or enforce the COVID-19 vaccination requirement pursuant to Executive Order 14043 on Requiring Coronavirus Disease 2019 Vaccination for Federal Employees. Therefore, to the extent a Federal job announcement includes the requirement that applicants must be fully vaccinated against COVID-19 pursuant to Executive Order 14043, that requirement does not currently apply. Federal agencies may request information regarding the vaccination status of selected applicants for the purposes of implementing other workplace safety protocols, such as protocols related to masking, physical distancing, testing, travel, and quarantine.

DELETE if not used for your agency:

Due to COVID-19, the agency is currently in an expanded telework posture. If selected, you may be expected to temporarily or intermittently telework.

Other Notes:
  • This is a DoD Information Assurance (IA) Workforce Improvement Program (DoD 8570.01) position. The CTE must obtain and/or hold a IAT Level III certification. Failure to maintain IAT certification may result in the termination of employment. New hires must obtain the appropriate certification as identified in 8570.01 within 6 months of being assigned IA functions beginning the date they start in the position. Candidate must show a minimum of 3 years CNO/CNE/CNA/Pentest/Threat or Adversary Emulation experience.
  • Desired (NOT Required) Professional Certifications: Offensive Security Certified Professional (OSCP), SANS GIAC Penetration Tester (GPEN), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Web Application Penetration Tester (GWAP), SANS GIAC Python Coder (GPYC), SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), SANS GIAC Security Expert (GSE).

RE-EMPLOYED ANNUITANT: This position DOES NOT meet criteria for re-employed annuitant. The DoD criteria for hiring Re-employed Annuitants can be found at:

All applicants must meet qualifications and eligibility criteria by the closing date of the announcement.

Interagency Career Transition Assistance Programs: This program applies to employees who have been involuntarily separated from a Federal service position within the competitive service or Federal service employees whose positions have been deemed surplus or no longer needed. To receive selection priority for this position, you must: 1) meet ICTAP eligibility criteria; 2) be rated well-qualified for the position; Well qualified is defined as possessing the type and quality of experience that exceeds the positions minimum qualifications. and 3) submit the appropriate documentation to support your ICTAP eligibility. For more information:

Males born after 12-31-59 must be registered or exempt from Selective Service (see Who Needs to Register | Selective Service System : Selective Service System ( )

More searches like this