Red Cyber Operator
Company: Beyond SOF
Location: Fort Belvoir
Posted on: April 1, 2026
Job Description:
Background:
The DTRA Cyber Red Team is an applicant DoD Cyber Red Team looking
for motivated self-starters to help build the organization’s red
cyber capability and capacity in support of the Certification and
Accreditation (C&A) process. The candidate’s contributions will play
an important role in the C&A process.

Red Cyber Operators (RCO) emulate a potential adversary’s offensive
cyberspace operations and exploitation techniques against a targeted
mission, system, network, component, or capability. Red Cyber
Operators action information gathered from readily available
open-source internet resources to identify exposed or compromised
information, vulnerabilities, and misconfigurations. The RCOs employ
tools against these compromises to demonstrate a loss of confidence
in the target’s functional and security posture, forcing the target
to operate in a degraded, disrupted, or denied cyber environment.

Red Cyber Operators will be assigned to both White and Red Cells.
Prior to physical assessment operations, the Red Cyber Operators will
work closely with Red Cyber Analysts to identify targets, research,
scan, and map networks. During these components of the assessment,
Red Cyber Operators will not deliver effects that could be
categorized as anything but Reconnaissance or collecting technical
targeting data. The purpose of reconnaissance is to gather
information for network and information system characterization,
identifying and gathering information on organizations through users
that are determined to be of high value in answering PIRs or in the
development of follow-on Red Team operations.

When authorized by the customer, asset owner, or other stakeholder,
the Red Cyber Operator will demonstrate a potential adversary’s
offensive-based cyberspace operations or intelligence collection
capabilities against a targeted mission or capability.
Demonstrations will be performed under a “White Card” and conform to
ethical (aka white hat) hacking principles. All activities performed
by Red Cyber Operators will comply with all US Cyber Command Standing
Ground Rules.

Responsibilities:
- Characterize the adversary – Research the structure, ideology,
  intentions, tactics, and capabilities of adversarial organizations
  to develop threat characterization using a combination of both
  classified and unclassified sources.
- Contribute to threat emulation – Identify information requirements,
  develop assessment strategies and collection plans, identify
  information sources, and develop and conduct research of publicly
  available information (PAI) to determine adversary courses of
  action and relevant information requirements (IR).
- Analyze and characterize targeted mission, system, network,
  component, or capability and conduct analysis appropriate to the
  program, identify essential functions/tasks and critical assets
  necessary to perform them as determined by the program leader.
- Contribute to developing adversary courses of action (CoA). Develop
  courses of action an adversary could employ in and through
  cyberspace directed against customer personnel, equipment,
  facilities, networks, information and information systems,
  infrastructure, and supply chains.
- Support field assessments from an adversary perspective. In
  conjunction with DoD Red Team Partners, conduct field assessments
  and demonstrate cyber courses of action in accordance with Program
  Plans, operations orders, ground rules, and other directives.
- Synthesize findings to support vulnerability identification, course
  of action development, protection studies, trend analyses, risk
  analysis, and mitigation strategies.
- Develop a comprehensive understanding of the implications of
  vulnerabilities discovered by the other specialists and fuse those
  findings with the systems analysis and determine impacts to the
  national and military missions they support.
- Prepare activity reports including out briefs, senior leader
  briefs, interim progress reports (IPRs) and briefs, white papers,
  after action reviews, final reports, risk analysis products, and
  other documents necessary to convey assessment findings to
  customers, partners, and other stakeholders.

Required Skills/Qualifications:
- Education: 6 years in lieu of a degree, OR 4 years of experience
  with Bachelor’s degree, OR 2 years of experience with Master’s
  degree.
- Field of study: Computer Science, Computer Forensics, Computer
  Engineering, Electrical Engineering, or a related technical
  discipline.
- Experience: Demonstrated operational experience in the military,
  other Federal Government, or comparable civilian position in
  Cyberspace Operations (Offensive Cyberspace Operations, Defensive
  Cyberspace Operations, and Cyberspace Exploitation), Cyber Red
  Team, Penetration Testing, and/or Information Operations (IO).
- Demonstrated experience with at least one automation scripting
  language (PowerShell, Python, Perl, Ruby, Java, etc.)
- Current active TS SCI clearance
- Certifications: Possess at least ONE (1) of the following
  certifications or obtain within 180 days of hire:
  - Offensive-Security Certified Professional (OSCP)
  - Offensive-Security Certified Expert (OSCE)
  - Offensive-Security Exploitation Expert (OSEE)
  - GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  - GIAC Penetration Tester (GPEN)
  - GIAC Web Application Penetration Tester (GWAPT)
- Possess at least ONE (1) of the following certifications based on
  DoD 8570.1-M requirements at a minimum IAT Level III:
  - CASP CE
  - CCNP Security
  - CISA
  - CISSP
  - GCED
  - GCIH
- Possess at least ONE (1) of the following certifications:
  - CEH
  - CySA
  - CISA
  - GSNA
  - CFR
  - PenTest

Desired Skills/Qualifications:
- Knowledge, training, or experience working with ICS/SCADA or IoT
  devices. GICSP, GCIP, GRID or ISA/IEC desirable.
- Have at least five demonstrated years of using open-source tools
  and operating systems or hold a comparable Linux certification.
- Possess working knowledge of Department of Defense’s Cybersecurity
  Vulnerability Alert and Incident Response process.
- Possess excellent written and verbal communication skills.
- Possess a working knowledge of Computer Network
  vulnerability/compliance analysis software.
- Possess working knowledge of RMF processes.
- Possess a working knowledge of Microsoft Office Suite to include an
  ability to prepare PowerPoint presentations, reports, and white
  papers.