Overview
Cybersecurity Penetration Tester - Junior - TGEE
Be the Difference
Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA with an additional 36 locations across the U.S.
Astrion has an exciting opportunity for an Junior Cybersecurity Penetration Tester for the TMAS 2 96 CTG Task Order, supporting the 48 CTS / TGEE. The 48th CTS/Det 1 conducts Cyber Security Test & Evaluation of Embedded Avionics & Weapons Systems for multiple platforms within the Air Force. As an Aircraft Avionics Penetration Tester, you will be responsible for conducting cybersecurity penetration assessments of avionics components and platforms. This will include the planning, execution, analysis, and reporting for Systems under Test (SuT) You will support integrated test team activities to help establish test objectives to meet system program office and operational test customer requirements. In coordination with organizational leadership and with the support of technical editors, you will author test plans to accomplish established objectives. You will work with our aircraft test managers to establish detailed test procedures and ensure they are documented on test execution guidance cards. Finally, you will play a key role in test execution and ensure that results are thoroughly documented.
JOB DETAILS
LOCATION: Edwards AFB, CA
JOB STATUS: FT
TRAVEL: 20%
REQUIRED QUALIFICATIONS / SKILLS
- Technical BS Degree and 1-3 years of applicable experience
- Active Secret clearance is required and must be able to obtain/maintain a Top Secret clearance. U.S. Citizenship.
- Must have or be able to obtain DOD 8570 IAT Level 3 certification (CASP, CISSP, ISSEP, etc.) within 6 months of hire, and maintain certification throughout employment.
And
- Proficiency in analyzing and/or manipulating avionics communication protocols, such as ARINC 429, MIL-STD-1553.
- Military aircraft operations, maintenance, test or acquisition experience is desired.
- Prior knowledge and applicable experience using various RF testing tools such as HackRF, SDR’s, spectrum analyzers, and Wireshark.
- Knowledge of common vulnerabilities and attack vectors in aviation systems, including but not limited to buffer overflows, injection attacks, and protocol manipulation.
- Understanding of aircraft network architectures, including intra-aircraft networks and inter-aircraft networks (e.g., Air Traffic Management Data Link, Aircraft Communications Addressing and Reporting System).
- Understanding of cryptographic principles and their application in aviation security, including key management, encryption algorithms, and digital signatures.
Or
- Familiarity with industry-standard frameworks and methodologies for conducting penetration tests, such as OWASP Testing Guide and NIST SP 800-115
- Knowledge of endpoint security technologies and techniques, such as antivirus, host-based intrusion detection/prevention systems (HIDS/HIPS), and privilege escalation exploits.
- Experience in identifying and exploiting security vulnerabilities in web applications, including injection flaws, cross-site scripting (XSS), and insecure direct object references (IDOR).
- Familiarity with common networking protocols and technologies, such as TCP/IP, DNS, DHCP, VLANs, VPNs, and SSL/TLS.
- Proficiency in conducting vulnerability assessments and penetration tests on network infrastructure, including routers, switches, firewalls, and servers.
- Ability to effectively communicate technical findings and recommendations to both technical and non-technical stakeholders through detailed reports and presentations.
- Prior experience with the use of enterprise penetration test tools. (nmap, Nessus, BurpSuite, Hydra, Metasploit, BloodHound.)
- Continuous learning and staying updated with the latest security trends, vulnerabilities, and attack techniques through self-study, training, and participation in industry conferences and events.
- Experience with python, bash, and PowerShell scripts
- Capable of rewriting preexisting scripts, tools, or exploits to work on target systems.
- Conduct penetration tests on Active Directory environments, leveraging tools like BloodHound and PowerView for reconnaissance and enumeration, to identify vulnerabilities and attack paths.
- Execute advanced attack techniques, including pass-the-hash and golden ticket attacks, to assess the effectiveness of Active Directory security controls and simulate real-world threat scenarios.
- Provide actionable recommendations and remediation strategies to improve the security posture of Active Directory infrastructures, emphasizing best practices such as least privilege principles and strong password policies.
- Demonstrate the ability to complete a CTF if requested
DESIRED QUALIFICATIONS / SKILLS
- Bachelor’s Degree in either Engineering or Cybersecurity related Discipline desired.
- Active TS/SCI preferred.
- OSCP, CPTS, PNPT certifications desired.
- Prior understanding of aircraft avionics navigation, communication, and datalinks is desired (GPS, ACARS, Mode-S, Link-16, and etc.)
RESPONSIBILITIES
- Execute test projects and program objectives with various DoD and federal agency customers
- Review technical documentation related to Avionics Embedded Systems and RF datalinks and identify potential design shortfalls that might result in a cybersecurity weakness
- Develop test corpus and test plans to validate the presence of weaknesses
- Analysis data from test events and present this data in a coherent and accurate manner for the customer
- Work with operational testers and pilots to identify vulnerabilities which might affect the cyber resiliency of the platform for a given mission
- Assist with developing cyber contested environments to demonstrate the resiliency of the platform under test
What We Offer
- Competitive salaries
- Continuing education assistance
- Professional development allotment
- Multiple healthcare benefits packages
- 401K with employer matching
- Paid time off (PTO) along with a federally recognized holiday schedule
SALARY RANGE: Estimated $100,000 USD - $115,000 USD annually.
Who We Are
At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to “Be the Difference”. This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish and our company continuously evolves.
We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what’s possible. We promote collaboration and empowering our teams is at the core of our success.
Join Astrion and Be the Difference in your career and the world!
Astrion is an Equal Employment Opportunity/Affirmative Action Employer. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
“Air Force Cyber Division”