Red Team Associate Operator/Penetration Tester

Company Federal Reserve Bank of RichmondWhen you join the Federal Reserve-the nation's central bank-you'll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We dedicate more than $1 billion to technology each year to support the Federal Reserve and our economy, and we're building a dynamic and diverse team for our future. Bring your passion and expertise, and we'll provide the opportunities that will challenge you and propel your growth-along with a wide range of benefits and perks that support your health, wealth, and life. In addition to competitive compensation, we offer a comprehensive benefits package that includes tuition assistance, generous paid time off, top-notch health care benefits, child and family care leave, professional development opportunities, a 401(k) match, pension, and more. All brought together in a flexible work environment where you can truly find balance.About the Opportunity Our National Incident Response Team (NIRT), a national service provider for the Federal Reserve System (FRS), delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the FRS. NIRT's mission is to play a leading role in the FRS' efforts to protect its information systems against unauthorized use.NIRT's Adversary Emulation team has an immediate opening for an Associate Operator to join their team as a key participant on engagements and projects that will target and evaluate the cyber security posture of people, processes, and technology within the FRS. As an Associate Operator, you will report to the Sr. Manager and work on a team of security professionals focused on enabling business line initiatives by performing security assessments against people, processes, and technologies by using automated and hands-on tools that simulate attacker tactics, techniques and procedures (TTPs). You will also perform assessments for new and existing services, infrastructure, and applications to identify weaknesses before an attacker does.You will use a variety of tools and techniques including penetration testing, red teaming, purple teaming, and social engineering and have the opportunity to combine your technical expertise with your imagination to discover innovative methods for ensuring that the FRS remains one step ahead of its adversaries around the world. What You Will Do

• Strengthen FRS security posture through offensive security assessments including the identification and exploitation of vulnerabilities across the system
• Leverage offensive security foundational knowledge to execute cybersecurity solutions to benefit security engagements and mitigate cyber threats
• Improve operational efficiency by building and evaluating workflow processes, procedures, checklists, automation, and tooling
• Enable success of security initiatives by performing tasks to development surrounding security or technology capabilities and creating operations-based documentation
• Address cybersecurity needs by advising clients on best practices and how to implement changes to securely address complex business needs
• Execute on cross-team initiatives to implement cybersecurity improvements for recognized gaps
• Grow security capabilities to defend the FRS by working with internal and external stakeholders to execute on strategies and plans to enforce security requirements
• Identify and prioritize key risk areas balancing business risk and cyber threats via research of industry trends and business partner missions
• Assist and execute technical security assessments to identify risk, likelihood and impact an attacker may have on the System due to weak or missing controls

• 3-7 years of relevant information security related work experience in areas such as: computer network defense, computer network exploitation and post-exploitation
• Bachelor's degree or equivalent work experience
• The following certifications are highly preferred: CEH, Security +, GCIH, GSEC
• Understanding of all phases of adversary emulation operations including reconnaissance, social engineering, exploitation, post-exploitation, covert techniques, lateral movement, and data exfiltration
• Knowledgeable in offensive cybersecurity roles, such as malware development, red teaming, penetration testing (e.g., web, infrastructure, cloud), purple team exercises in cloud and on-prem environments
• Team player with interpersonal, collaborative and consultative skills
• Adept attention to detail, oral and written communications skills tailored to audiences ranging from technical subject matter expert partners to senior executive stakeholders
• Understanding client relationships, including determining needs, learning expectations, and demonstrating commitment to delivering quality results
• Familiar with scripting/programming of Python, PowerShell, or C# with the ability to create and customize tools
• The following certifications are highly preferred: CEH, Security +, GCIH, GSEC
• 3-7 years of relevant information security related work experience in areas such as: computer network defense, computer network exploitation and post-exploitation
• Bachelor's degree or equivalent work experience

• Sponsorship is not available for this role. The selected candidate will be subject to a government security investigation and must meet eligibility requirements for access to classified information. The ability to obtain and maintain a National Security Clearance (Secret or Top Secret) is required for this role. US Citizenship is required to be eligible for a National Security Clearance.
• A requirement of this position is that the employee must be fully vaccinated against COVID-19; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.
• Candidates should review the Bank's Employee Code of Conduct to ensure compliance with conflict of interest rules and personal investment restrictions.
• If you need assistance or an accommodation due to a disability, please notify rich.recruitment@rich.frb.org.
• The Richmond, VA hiring range of the Red Team Associate Operator/Penetration Tester is $80,000 - $110,000 annually.
• For candidates in certain markets (Boston, MA; Chicago, IL; Los Angeles, CA; New York City Metro Area, Philadelphia, PA; San Francisco, CA; Seattle, WA) the listed hiring and salary ranges may be adjusted based on your geographic location.
• Salary offered will be based on the job responsibilities and the individual's knowledge, skills, and experience as defined in the job qualifications.