Security Software Engineer/Penetration Tester - Clearance Required

Cydecor is a premier Federal Government solutions provider, delivering differentiated innovations in mission systems and business platforms. We leverage leading-edge secure systems and software development, backed by industry-leading subject matter expertise, and business intelligence to enable decision-support and remain ahead of ever-evolving national security challenges. Our success rests squarely on three bedrock principles: People, our center of gravity; Mission, what inspires us; and an unyielding commitment to Excellence, what separates us.

Job Description:
Cydecor is seeking a Security Software Engineer/Penetration Tester to support advanced cybersecurity and software assurance efforts for U.S. Department of Defense (DoD) systems. The ideal candidate will combine deep technical experience in software engineering, penetration testing, and reverse engineering with a strong understanding of secure system design and vulnerability mitigation for enterprise and tactical environments.

Responsibilities include:

• Debug and reverse engineer software to identify vulnerabilities and optimize security performance.
• Analyze Windows Event logs, Linux syslogs, boot logs, and dmesg logs to identify anomalies and security concerns.
• Program and debug software using Web 2.0, Java, Perl, Ada, C++, and Tool Command Language (Tcl/Tk) scripts, including GUIs and configuration management tools such as Microsoft Visual Studio and Rational ClearCase.
• Recommend and implement software modifications to mitigate known vulnerabilities.
• Administer systems running HP-UX, UNIX, Solaris, Linux, and Microsoft Windows operating systems.
• Identify and remediate security flaws in both compiled and human-readable source code.
• Understand and work with real-time operating systems (VxWorks, LynxOS), CORBA, firewalls, and networking protocols.
• Implement NSA-approved encryption technologies and devices and apply DISA Security Technical Implementation Guides (STIGs).
• Incorporate virtual hosting, server technologies, and deceptive technologies (e.g., honeypots) into system architectures.
• Perform and participate in code reviews, static source code analysis, and author recommendations to improve software design and security posture.
• Contribute to the System Security Administrator and Operator's Manual (SSAOM) and ensure all cybersecurity documentation is maintained to DoD standards.

Here's what you need:

• Experience:
  • Five (5) years of software engineering experience supporting program development or modeling and simulation for DoD or IT systems.
  • Five (5) years of Linux experience, demonstrating firm command-line and system administration skills.
    • CompTIA Linux+ or FedVTE Linux+ (Linux)
  • Five (5) years of Windows experience with solid understanding of enterprise network environments.
    • Microsoft course (MCSA; Various)
  • Strong working knowledge of common Penetration Testing (PENTEST) tools:
    • Kali, Metasploit, NMAP, Cobalt Strike
    • Associated Training: Certified Ethical Hacker or Offensive Security Certified Professional
  • Documented experience in at least one of the following areas:
    1. Penetration Testing (PENTEST) (government or contractor)
    2. Red Team Operations (government or contractor)
    3. Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties)
    4. Python, C, C Sharp, C++, Go, Perl, Powershell
    5. Web Dev/Web App Dev/Web Penetration testing
       1. NSX, vCenter, vRealize Suite, Horizon View (VDI) and others
       2. PAN-OS
       3. FirePower, Nexus, IOS, ASA
       4. ONTAP, SnapMirror
       5. Active-Directory
       6. Entra ID (Azure AD), Active Directory, SSO, MFA, Azure application integration, Identity Federation.
       7. utomation using Powershell, PowerAutomate, Logic Apps, Graph API.
       8. Microsoft Entra ID and Microsoft 365 in a hybrid environment.
       9. xperience with Palo Alto, Cisco, VMWare, NetApp and Microsoft products.
       10. Extending or integrating on premises AD with Entra ID.
       11. Managing identity and access in Microsoft Entra ID.
       12. Experience conducting Red Team operations in an MDE environment.
       13. Experience with AWS, Cloud Audit, Serverless and Microservice Architecture
       14. Experience working with AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
       15. Experience with Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
  • PHP, ASP, SQL db's, Java, HTML, No SQL
• Certifications:
  • Minimum IAT Level II certification per DoD 8570.01 (or successor).
  • Minimum penetration testing certification, holding at least one of the following:
    • Offensive Security Certifications: OSCP, OSCE, OSEE, OSWP
    • SANS Certifications: GPEN, GWAPT, GXPN, or equivalent Red Team / Penetration Testing certifications
    • COAC Graduate (OSD-sponsored Cyber Operations Academy Course)
    • Capture the Flag (CTF) participation (e.g., DEFCON, Over-The-Wire, Hack the Box, USS Secure CTFs).
    • Published security research resulting in a Common Vulnerabilities and Exposures (CVE) submission.
• Knowledge:
  • Strong understanding of computer security principles, military system specifications, and DoD Cybersecurity policies for both land-based and afloat/tactical systems.
  • Ability to communicate effectively and succinctly in both written and verbal formats.

Bonus Points If You Have:

• Experience developing or integrating cyber tools for vulnerability research and exploitation testing.
• Experience leading software assurance or cyber tool development projects in classified environments.
• Familiarity with DoD Risk Management Framework (RMF) and A&A processes.

Security Clearance:

• Active Top Secret clearance with SCI eligibility.

Education:

• Bachelor's degree

Work Schedule:

• Hybrid, Monday-Friday (8 hours/day).
• Position is primarily remote, with potential on-site requirements as needed.
  

Compensation and Benefits:
Cydecor offers a comprehensive compensation package including Health and Dental Insurance, Vision and Life Insurance, Short-Term & Long-Term Disability, 401(K) + company match, Paid Time Off (PTO), Paid Company Holidays, Tuition and Professional Development Assistance and more.

What We Believe
We have an unwavering commitment to diversity with the aim that every one of our people has a full sense of belonging within our organization. As a business imperative, every person at Cydecor has the responsibility to create and sustain an inclusive environment.

Equal Employment Opportunity Statement
Cydecor is an Equal Employment Opportunity/Affirmative Action Employer (EEO/AA). All employment and hiring decisions are based on qualifications, merit, and business needs without regard to race, religion, color, sexual orientation, nationality, gender, ethnic origin, disability, age, sex, gender identity & expression, veteran status, marital status, or any other characteristic protected by applicable law.

If you are a qualified individual with a disability and/or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site because of your disability. You can request assistance by contacting HR@cydecor.com or calling 703-884-2105.