What are the responsibilities and job description for the Cyber Exploit Developer position at Cherokee Federal?
Join the team who values your skills and expertise. From intelligence and cybersecurity to vulnerability assessment and mission assurance, Cherokee Nation Strategic Programs (CNSP) brings experience and results. Building on a reputation as a dedicated, disciplined and tightly-knit organization, CNSP supports DOD and other federal clients in their critical, strategic and operational programs. CNSP is looking for qualified talent to give our clients the support they deserve and the quality they expect from our team – a team of experts, like you.
Cherokee Nation Strategic Programs is part of Cherokee Federal – a team of tribally owned federal contracting companies focused on building solutions, solving complex challenges, and serving the nation’s mission around the globe for more than 60 federal clients. For more information, visit cherokee-federal.com.
SUMMARY
The Cyber Exploit Developer will support the Defense Threat Reduction Agency - Cyber Division by creating new and innovative tools for developing, vetting, and validating exploits IAW DoD and Red Team Doctrine.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Exploit Developer provides Man in the Middle (MITM) attacks, forensics analysis, Cross Site Scripting (XSS), port scans, source code analysis, and other techniques for emerging vulnerabilities and threats
- Hands-on Reverse Engineering using tools such as IDA Pro, Binary Ninja and Ghidra, V8, JIT, WebKit, as well as exploit mitigations such as ASLR, DEP, ROP
- Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) for effective countermeasures against exploits
- They must have mastery level experience working hands-on with computer network modeling software and computer network vulnerability/compliance analysis software.
- Leading the team on emergency cyber threats and attack methodologies, operational TTPs, and exploit script
- NSA-certified and DTRA-accredited developer using scanning/exploitation tools to portray a realistic threat
- Evaluate the ability to Protect defense critical assets, Detect threat activity, React to threat activity, and Restore mission (PDRR) prior to physical assessment operations.
- When authorized by the customer, asset owner, or other stakeholder, the Exploit Developer will demonstrate a potential adversary’s offensive based cyberspace operations or intelligence collection capabilities against a targeted mission or capability. Demonstrations will be performed under a “White Card” and conform to ethical, aka white hat hacking principles.
- Evaluating and making recommendations for DoD installations on achievable means of enhancing the communications networks and/or systems to ensure local distribution networks and supporting off-site commercial facilities have the capacity, survivability, reliability, and security to support the mission.
- Evaluating and making recommendations on secure and/or non-secure high speed digital data transmission, government satellite services, high frequency radio, long-haul military and commercial radio, telephone, voice frequency circuitry, wireless, facsimile, video, and computer network inter-switch trunks.
- Performing single-point critical node analysis of an installation’s telecommunications, other communications systems, computer networks including supporting infrastructure (power, ventilation, fuel, fire protection etc.). Provide recommendations to reduce or mitigate system vulnerabilities due to terrorist, manmade and natural incidents.
- Identifying threats/hazards that could affect the mission’s communications architecture and using this data to assess the vulnerability and risk to these assets.
- Preparing Assessment Team Reports based upon vulnerabilities observed during the assessment.
- Conducting other assessment areas defined by the Subject Matter Expert Benchmark matrix
SUPERVISORY/MANAGEMENT AUTHORITY
This position will not have supervisory authority.
EDUCATION and/or EXPERIENCE
- Bachelor’s degree preferred
KNOWLEDGE, SKILLS AND ABILITIES
- Possess a thorough understanding of the Department of Defense Information Networks (DoDIN).
- Must possess CSSP Auditor certification as defined and described in Joint Publications 3-13 Information Operations and 3-12 Cyberspace Operations, DoDI 8500.1, DoD 8570.01 and 8570.01-M, and as amended.
- They must have mastery level experience working hands-on with computer network modeling software and computer network vulnerability/compliance analysis software. In depth knowledge of newest information technology threats.
- CompTIA Security Certification
- DoD IAT Level II Certification
- CSSP Auditor Certification
- Certified Intrusion Analyst Certification
- Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) for effective countermeasures against exploits
- Knowledge of Information Assurance, Mission Assurance levels associated with DoD IT Systems.
- Understanding of the Information Conditions.
- Knowledge of CyberSecurity practices and threats.
- Knowledge of the DoD Risk Management Framework.
- Ability to evaluate communications architecture and identify single points of failure.
- Knowledge of risk management concepts employed by DoD or Department of Homeland Defense
- Ability to travel on a regular basis with a team of talented assessors.
- Top Secret/SCI Clearance preferred
- Secret Required
- A drug screen and federal background check
WORK ENVIRONMENT
The duties of this position are primarily performed in a climate controlled office environment at Fort Belvoir.
Pursuant to U.S. Presidential Executive Order 14042, Cherokee Federal is now requiring that all employees be fully vaccinated for COVID-19 by December 8th and going forward. Prospective employees will fall under this requirement and proof of vaccination will be required for on-boarding, should you be selected. Limited exemptions for religious or medical reasons will be considered.
TEMPORARY NOTE: On Tuesday, Dec. 7, a federal judge issued an injunction blocking President Joe Biden’s COVID-19 vaccine mandate for federal contractors (EO 14042). Cherokee Federal is monitoring the court case and awaiting a final ruling. As a result of the injunction, Cherokee Federal is halting the enforcement of the mandate; however, if the injunction is lifted and the mandate remains, Cherokee Federal must reenact its vaccine requirement.
ABOUT THE TEAM
Cherokee Federal is a division of Cherokee Nation Businesses, the economic engine of Cherokee Nation, the largest Native American tribe in the U.S. As a trusted partner, the Cherokee Federal team of companies manages nearly 2,000 projects of all sizes across the construction, engineering and manufacturing and mission solutions portfolios — ranging from advanced data analytics and telehealth to cybersecurity, cloud and logistics.
Since 2012, our team of companies has won $6 billion in government contracts and completed more than 5,300 federal missions. Our 3,600 employees work in 20 countries, 50 states and 2 U.S. territories.
Why Cherokee Federal? Visit cherokee-federal.com to learn why you should join our team!
Compliance
Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
We are an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment and we prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status or for inquiring about, discussing, or disclosing compensation. If you’d like more information about your EEO rights as an applicant under the law, please copy and paste the links to the following two sites: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf and https://www.dol.gov/ofccp/regs/compliance/posters/pdf/ofccp_eeo_supplement_final_jrf_qa_508c.pdf
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may e-mail CNB.Compliance@cn-bus.com for assistance. This email address is for accommodation requests only and cannot be used to inquire about the application process or status. Please do not send email requests pertaining to recruiting as this email box is not for resumes or follow up on job applications.
For Pay Transparency Non Discrimination provision, please copy and paste the following link: https://www.dol.gov/ofccp/pdf/pay-transp_ English_formattedESQA508c.pdf
We maintain an Affirmative Action Plan for proactively seeking employment and advancement for qualified protected veterans and individuals with disabilities. Upon request, we will schedule time Tuesdays – Thursdays from 10:00am – 2:00pm CST to make applicable Affirmative Action Plans accessible. Please submit a written request with the email subject line: 2021 Request to View Affirmative Action Plan to the Compliance Administrator at CNB.Compliance@cn-bus.com.
Please do not send email for job application follow-up or staffing advertisement/request pertaining to recruiting as this email box is not for resumes or job applications.