Adversary Emulation Engineer

Job content

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA Objective. Responsive. Trusted.SPA has an immediate need for two (2) Adversary Emulation Engineers to provide contracting services to NATO.

• Lead and/or be part of the Red/Purple Team during assessments;
• Develop and execute complex adversary emulation scenarios;
• Create custom scripts in python to simulate attack activities;
• Utilize detections to improve the effectiveness of adversary emulation scenarios;
• Create and use custom tools to automate and optimize the adversary emulation process;
• Provide security design reviews to ensure compliance with company policies and directives;
• Provide security consultancy and advice to projects, plans, and other entities;
• Brief at both executive and technical levels on security reports and testing outcome;
• Ensure proactive collaboration and coordination with internal and external stakeholders;
• Ensure compliance with IT security, risk and compliance principles;
• Responds to ad-hoc tasks given by the chain of command

Required QualificationsThe contracted individual will have at least 3 years post-related experience.The required skillset for the contracted individual is

• Proven experience in either penetration testing, red teaming or adversary emulation for at least 3 years
• Understanding of the principles of adversary emulation (red/purple teaming)
• Ability to develop and execute adversary emulation scenarios
• Understanding of tactics, techniques and procedures of threat actors based on MITRE ATT&CK Framework
• Ability to create and execute custom scripts to simulate attack activities
• Understanding of the various types of detections available (defence in depth)
• Knowledge of the latest security trends and best practices
• Ability to create and use custom tools to automate and optimize the adversary emulation process
• Knowledge of the principles of IT security, risk and compliance
• Experience with security testing tools and methodologies, such as fuzzing, static and dynamic application security testing, and penetration testing
• Knowledge in system and network administration of UNIX and Windows systems
• Use of penetration testing tools, techniques, and recognized testing methodologies
• Scripting skills in Python
• Technical knowledge in system and network security, authentication and security protocols, cryptography and application security
• Ability to evaluate risks and formulate mitigation plans
• Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation plan for several different audiences
• National of one of the 31 NATO countries.
• In possession of an active National and/or NATO Secret security clearance.