Penetration Tester (Remote)

Raytheon Technologies
Washington, DC
Dec 01, 2021
Dec 03, 2021
Accountant, IT
Full Time
Date Posted: 2021-08-23-07:00 Country: United States of America Location: HDC99: Field Office - DC 123 Remote Drive, Remote City, DC, 20001 USA Raytheon Technologies Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises four industry-leading businesses Collins Aerospace Systems, Pratt & Whitney, Raytheon Intelligence & Space and Raytheon Missiles & Defense. Its 195,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Waltham, Massachusetts. To realize our full potential, Raytheon Technologies is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed. Lead Red Team Penetration Tester Raytheon Technologies Corporate Headquarters Job Description Raytheon Technologies is seeking a highly qualified and motivated individual to join the Cybersecurity Intelligence and Assessment group to conduct red team operations and generate associated vulnerability assessments. The Red Teamer must be able to plan, communicate, coordinate, and conduct red team activities, penetration tests, and security assessments for applications, systems and enterprise networks while adhering to strict rules of engagement and ethical cyber operational behavior. Job responsibilities include * Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests * Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, such as Windows or *nix; conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities * Perform security reviews of application designs, source code, and deployments as required, covering all types of applications (web application, web services, mobile applications, thick applications, SaaS) * Performs penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.) * Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities * Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk * Selects, installs, and configures security testing platforms and tools or develop tools and procedures for penetration tests * Provide regular risk briefings to senior management on findings and develop remediation approaches and recommendations to improve cybersecurity posture Experience/Qualifications * Bachelor's degree or equivalent experience and 7+ years additional relevant work experience in an environment that supports integrated risk management preferred * 7+ years of experience in security with practice in penetration testing and vulnerability assessments * Strong Active Directory background, evaluating trust domains, Kerberoasting * Experience with web and mobile applications, databases, operating systems * Experience in penetration testing large and complex enterprise networks and cloud environments * Experience with utilizing penetration testing framework such as MITRE ATT&CK & OWASP * Hands-on OS configuration/administration experience * Skilled in conducting non-attributable research using all available sources, including social network analysis * Programming experience with focus on penetration testing or process automation * High degree of experience with the following technologies: * Cobalt Strike, Kali Linux * PowerShell, C#, GhostPack, Bloodhound * Metasploit * Nmap, Burp Suite * Excellent communication and interpersonal skills Education: Typically requires a university degree or equivalent experience and minimum 7 years prior relevant experience or an advanced degree in a related field and minimum 5 years experience. * MBA preferred. * Industry accreditations are Preferred (ITIL) Location:Remote or any US RTX location Required Status: US Citizen or US Person required as work may involve visibility to ITAR related projects. Desired Certifications (one or more desired) * OSCP, OSCE, OSWE, CEH, SANS, CISSPRaytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class. Privacy Policy and Terms: Click on this link (-Applicant-Privacy-Notice) to read the Policy and Terms Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Similar jobs