Raytheon Technologies Lead Red Team Penetration Tester in Washington, District Of Columbia
United States of America
HDC99: Field Office - DC 123 Remote Drive, Remote City, DC, 20001 USA
Raytheon Technologies Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises four industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, Raytheon Intelligence & Space and Raytheon Missiles & Defense. Its 195,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Waltham, Massachusetts.
To realize our full potential, Raytheon Technologies is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed.
Lead Red Team Penetration Tester
Raytheon Technologies Corporate Headquarters
Raytheon Technologies is seeking a highly qualified and motivated individual to join the Cybersecurity Intelligence and Assessment group to conduct red team operations and generate associated vulnerability assessments.
The Red Teamer must be able to plan, communicate, coordinate, and conduct red team activities, penetration tests, and security assessments for applications, systems and enterprise networks while adhering to strict rules of engagement and ethical cyber operational behavior.
Job responsibilities include
Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests
Conduct hands-on technical testing beyond automated tool validation, including full exploitation and leveraging of access within multiple environments, such as Windows or *nix; conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities
Perform security reviews of application designs, source code, and deployments as required, covering all types of applications (web application, web services, mobile applications, thick applications, SaaS)
Performs penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.)
Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk
Selects, installs, and configures security testing platforms and tools or develop tools and procedures for penetration tests
Provide regular risk briefings to senior management on findings and develop remediation approaches and recommendations to improve cybersecurity posture
Bachelor's degree or equivalent experience and 7+ years additional relevant work experience in an environment that supports integrated risk management preferred
7+ years of experience in security with practice in penetration testing and vulnerability assessments
Strong Active Directory background, evaluating trust domains, Kerberoasting
Experience with web and mobile applications, databases, operating systems
Experience in penetration testing large and complex enterprise networks and cloud environments
Experience with utilizing penetration testing framework such as MITRE ATT&CK & OWASP
Hands-on OS configuration/administration experience
Skilled in conducting non-attributable research using all available sources, including social network analysis
Programming experience with focus on penetration testing or process automation
High degree of experience with the following technologies:
Cobalt Strike, Kali Linux
PowerShell, C#, GhostPack, Bloodhound
Nmap, Burp Suite
Excellent communication and interpersonal skills
Education: Typically requires a university degree or equivalent experience and minimum 7 years prior relevant experience or an advanced degree in a related field and minimum 5 years experience.
Industry accreditations are Preferred (ITIL)
Location:Remote or any US RTX location
US Citizen or US Person required as work may involve visibility to ITAR related projects.
Desired Certifications (one or more desired)
OSCP, OSCE, OSWE, CEH, SANS, CISSP
Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Click on this link (http://www.rtx.com/privacy/Job-Applicant-Privacy-Notice) to read the Policy and Terms
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.