Breach & Attack Simulation Analyst

ECS is seeking a Breach & Attack Simulation Analyst to work in our Baltimore, MD office.

Job Description:

• Perform Penetration testing
• Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components
• Collaborate with IT and security teams to refine security measures and response strategies.
• Prepare detailed reports on findings from simulations and suggest improvements.
• Facilitate training sessions for internal teams on security awareness and breach response tactics

Required Skills:

• 7 years of IT experience to include 4 years of experience in either information security, development, or system/network administration.
• Demonstrated experience in developing and deploying tactics to penetrate or circumvent modern security defenses such as AV and EDR technologies.
• Develop subject matter expertise of focused capabilities in the topics of network security, database security, wireless security, or application and development security.
• Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
• Simulate internal lateral movement activities observed in successful attacks from known adversaries.
• Design and execute breach and attack simulations to identify vulnerabilities in network infrastructures, applications, and operating systems.
• Self-motivated and able to work in an independent manner.
• U.S. Citizen - must be able to obtain "Public Trust" level clearance. (SF-85 and SF-86 submission required)
• Bachelor's degree in an IT related field or equivalent education or work experience. Offensive Security Certifications (OSCP, OSCE, etc.) GIAC Certifications (GPEN, GWAPT, GXPN, etc.) Technology Specific Certifications (MCSE, LPIC, CCNA, etc.)

Desired Skills:

• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.
• Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
• Expertise in at least one related functional area (network security, reverse engineering, programming, databases, mainframes, web applications, etc.
• Understanding of security operations center (SOC) environments and incident handling procedures.
• Ability to leverage threat intelligence to inform simulation scenarios and enhance security posture.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800 employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.