Security Software Engineer- Red Team Penetration Tester

ANALYGENCE is seeking a skilled Security Software Engineer with a strong foundation in reverse engineering, penetration testing, and secure software development. This role will contribute to the design, analysis, and testing of secure systems and applications, with a focus on offensive security capabilities in complex DoD and enterprise environments. This position will provide support to NSWCDD located in Dahlgren, VA, or Virginia Beach, VA.

Responsibilities:

• Perform penetration testing and Red Team operations, simulating adversary tactics using tools such as Kali Linux, Metasploit, NMAP, and Cobalt Strike.
• Reverse engineer and debug compiled and source code to identify vulnerabilities and develop remediation strategies.
• Conduct static source code analysis, participate in code reviews, and author secure coding recommendations.
• Develop and debug software and scripts in Python, C, C#, C , Go, Perl, PowerShell, PHP, ASP, Java, HTML, SQL, and NoSQL environments.
• Analyze and monitor systems using Windows Event Logs, Linux syslogs, boot logs, and dmesg.
• Design and maintain GUIs; manage configuration using tools such as Rational ClearCase.
• Identify flaws in systems running VxWorks, LynxOS, and enterprise operating systems (Windows, HP-UX, UNIX, Solaris, Linux).
• Work with virtualization and enterprise platforms such as VMware NSX, vCenter, vRealize Suite, Horizon View (VDI).
• Apply DISA STIGs and security best practices across on-premise and hybrid infrastructures.
• Implement NSA-approved encryption technologies and integrate secure protocols and firewalls (PAN-OS, FirePower, Nexus, IOS, ASA).
• Administer and secure directory services including Active Directory, Entra ID (Azure AD), with integration for SSO, MFA, Azure App Integration, and Identity Federation.
• Automate processes using PowerShell, PowerAutomate, Logic Apps, and Graph API.
• Manage and secure environments with NetApp ONTAP, SnapMirror, and Microsoft 365 in hybrid deployments.
• Conduct Red Team operations in Microsoft Defender for Endpoint (MDE) environments.
• Perform Web Application Penetration Testing for RESTful/SOAP services and OAuth2, SAML, LDAP protocols.
• Support cloud-native security efforts within AWS, including services like EC2, S3, RDS, KMS, and microservice/serverless architectures.
• Recommend secure software architecture enhancements and contribute to tool/exploit/C2 development.

• Minimum of 5 years of experience in software engineering applied to program development; modeling and simulation applied to DoD or IT Systems.
• Minimum of 5 years of experience in:
  • Firm grasp of Linux
  • Associated training: COMPTIA Linux or FedVTE Linux
• Minimum of 5 years of experience in:
  • Firm grasp of Windows
  • Associated training: Microsoft Courses (MCSA or related)
• Working knowledge of common Penetration Testing tools i.e. Kali, Metasploit, NMAP, Cobalt Strike
• Minimum certification as a Pen Tester and possess one of the following certifications/qualifications:
  • CEH, OSCP, GPEN, OSEE, OSWP, GXPN, OSD Sponsored COAC, Capture the Flag , Hack the Box, or USS Secure CTF participant, or security research resulting in CVE
• Experience with programing languages such as Python, C, C Sharp, C , Go, Perl, PowerShell
• Minimum IAT Level II per DoD 8570.01
• Strong understanding of DoD Cybersecurity policies for both Land Based and afloat/tactical systems.
• Ability to communicate clearly and succinctly in written and oral presentations.
• Minimum Active Secret Clearance.