This position is contingent upon funding with an expected start date of December 2025 SECRET Clearance required SRG is seeking a skilled developer to create and sustain tools for analyzing and exploiting protocol and service vulnerabilities, including C2 frameworks. The role involves working with protocols like DNS, HTTP/S, WebSockets, and SMB; implementing STIGs; debugging software; and using code analysis tools. Candidates should be proficient in languages such as C (.NET), C, C , Python, Go, Rust, and Assembly, and experienced with Agile/DevSecOps, version control, and containerization tools like Docker and PyEnv. On-site only, no telework. Position Responsibilities: Develop, test, and sustain tools used for analyzing protocol and service vulnerabilities.
Recommend and build frameworks to exploit vulnerabilities in various protocols and services.
Develop proof-of-concept code to build or tailor exploits, especially for Command and Control (C2) tools.
Work with communication protocols such as DNS, HTTP/S, WebSockets, and SMB.
Perform Security Technical Implementation Guide (STIG) implementations.
Debug and resolve software issues.
Utilize code analysis tools to assess software functionality and security.
Employ version control systems for efficient software development and collaboration.
Develop and test exploits based on proposed and U.S. Government-approved frameworks.
Follow the complete software development life cycle, including requirements gathering, design, coding, testing, and maintenance.
Work within Agile and DevSecOps software development models.
Write scripts and develop software in one or more of the following languages: C (.NET), C, C , Python, Go, Rust, Assembly (highly preferred).
Leverage containerization technologies such as Docker and virtual environments like PyEnv. Required Qualifications: Active DOD Secret security clearance
Education: Bachelor's degree in Cybersecurity, Cyber Operations, Cyber Engineering, Information System, Information Technology, Computer, Electrical, or Electronics Engineering, Software Engineering, Computer Science, Mathematics with a concentration in Computer Science, or equivalent to above disciplines. Certification:
• DoD 8570.01-M in accordance with (IAW) DFARS Baseline Certification, minimum
IASAE Level III. Experience:
• Ten (10) years of full-time experience in Software Development.
• Demonstrated experience in the following areas:
o the development, testing, and sustainment of tools in the performance of analyzing protocol and service vulnerabilities and recommending frameworks to exploit vulnerabilities.
o Developing and leveraging proof of concept code to build or tailor exploits, especially in the use of Command and Control (C2) tools.
o Communication protocols (Examples include DNS, http/s, websockets, SMB, etc);
o Performing STIG implementation.
o Debugging software.
o Utilizing code analysis tools.
o Utilizing version control systems.
o Utilizing exploits based on proposed and USG approved frameworks to Test tools in a representative environment, meeting all defined tool development lifecycle
requirements.
o Software development life cycle, including requirements gathering, design, coding, testing and maintenance.
o Software development models (Examples include Agile, DevSecOps, etc);
o Scripting or developing (Examples include C (.NET), C, C , Python, Go, Rust, Assembly, etc);
o Containerization software (Examples include Docker, etc); and
o Software virtual environments (Examples include PyEnv, etc)
Date Posted: 28 April 2025
Apply for this Job