Breach and Attack Simulation Analyst

Job Description

ECS is seeking a Breach and Attack Simulation Analyst to work in Windsor Mill office.

Position Responsibilities:

Perform Penetration testing

Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components

Collaborate with IT and security teams to refine security measures and response strategies.

Prepare detailed reports on findings from simulations and suggest improvements.

Facilitate training sessions for internal teams on security awareness and breach response tactics.

Salary Range: $ - $
General Description of Benefits:
Benefits Link

Required Skills

Job Requirements:

7+ years of IT experience to include 4+ years of experience in either information security, development, or system/network administration.

Demonstrated experience in developing and deploying tactics to penetrate or circumvent modern security defenses such as AV and EDR technologies.

Bachelor's degree in an IT related field or equivalent education or work experience.

Develop subject matter expertise of focused capabilities in the topics of network security, database security, wireless security, or application and development security.

Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.

Simulate internal lateral movement activities observed in successful attacks from known adversaries.

Design and execute breach and attack simulations to identify vulnerabilities in network infrastructures, applications, and operating systems.

Self-motivated and able to work in an independent manner.

(SF-85 and SF-86 submission required)

Certifications/Licenses:

Offensive Security Certifications (OSCP, OSCE, etc.)

GIAC Certifications (GPEN, GWAPT, GXPN, etc.)

Technology Specific Certifications (MCSE, LPIC, CCNA, etc.)

Desired Skills

Additional

Experience Preferred:

Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.

Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.

Expertise in at least one related functional area (network security, reverse engineering, programming, databases, mainframes, web applications, etc.

Understanding of security operations center (SOC) environments and incident handling procedures.

Ability to leverage threat intelligence to inform simulation scenarios and enhance security posture.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.