<p><strong>Position: </strong><span style="font-weight: 400;">Senior Cyber Operator</span></p><p><strong>Job Type:</strong><span style="font-weight: 400;"> Full Time</span></p><p><strong>Location:</strong><span style="font-weight: 400;"> Remote </span><span style="font-weight: 400;">US</span><span style="font-weight: 400;">. Proximity to Maryland or Virginia is a plus, but not required</span></p><p><strong>Clearance Requirements: No clearance required, but must be eligible for PT and secret clearances</strong></p><p><strong>Travel:</strong><span style="font-weight: 400;"> Up to 50%</span></p><p> </p><p><strong>ABOUT THE TEAM</strong></p><p><strong> </strong></p><p><span style="font-weight: 400;">SIXGEN supports cyber and intelligence missions by serving government and commercial organizations as they overcome global cybersecurity challenges. You’ll work with our highly skilled operators conducting research and assessments based on real-world threats. You’ll simulate adversaries and malicious actors and report details and actionable findings on critical assets and infrastructures. Using innovative processes, tools, and techniques, you’ll predict and overcome cybersecurity vulnerabilities. Your successes will be supported by our diverse team of experienced, technical talent. </span></p><p><strong> </strong></p><p><strong>WHAT YOU’LL DO</strong></p><ul><li style="font-weight: 400;"><span style="font-weight: 400;">Provide recommendations for technical oversight of activities aligned to command priorities.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Perform internal and external pentest against systems to determine vulnerabilities and offer mitigation strategies.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Perform phishing assessments.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Perform vulnerability risk assessment.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Participate in the testing phase of security controls assessments using specialized knowledge of network protocols, operating systems, architectures, equipment, services, and standards.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Conduct comprehensive, black-box penetration testing of web applications to identify critical vulnerabilities such as SQL injection, XSS, CSRF, XXE, deserialization attacks, RCE, etc. Utilize a bug bounty-style approach to independently enumerate and assess targets, simulating real-world attack scenarios.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Analyze application architecture and source code (when available) to uncover deeper, logic-based or systemic vulnerabilities.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Document and communicate findings with clear risk assessments, reproduction steps, and actionable remediation recommendations.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Stay up to date with evolving web technologies, threat trends, and security tools to ensure cutting-edge testing practices.</span></li></ul><p><strong> </strong></p><p><strong>REQUIRED QUALIFICATIONS</strong></p><ul><li style="font-weight: 400;"><span style="font-weight: 400;">2 years leadership experience directly leading a team</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Minimum 2 years of independently conducting every phase of a red team exercise on their own without guidance or supervision.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Minimum 2 years mentoring junior and mid-level operators on red team tradecraft and Advanced Knowledge Requirements (that they possess).</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Minimum 2 years of hands-on experience in network mapping, vulnerability scanning, and penetration and web application testing using software frameworks (including but not limited to: Cobalt Strike, Kali, burpsuite, etc.) to meet operational requirements.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Strong communication skills for interfacing with clients and documenting findings</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Demonstrated experience working both collaboratively and independently with minimal supervision.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Script writing and crafting of payloads that bypass A/V and EDR solutions for use in various phases of a red team exercise.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">In- depth Experience pen testing on internal and external networks</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Minimum 5 years of hands-on web application penetration testing experience, with a strong preference for OSCP or equivalent hands-on certifications (e.g. CBBH, CWEE, OSWA, OSWE, GWAPT).</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.</span></li></ul><ul><li style="font-weight: 400;"><span style="font-weight: 400;">Experience building offensive capabilities or tools to enhance operations with programming languages such as, but not limited to, Python, Bash, terraform, ansible, etc.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Advanced knowledge of manual testing techniques and automated tools (e.g., Burp Suite, OWASP ZAP) to assess application security.</span></li></ul><ul><li style="font-weight: 400;"><span style="font-weight: 400;">Familiarity with FISMA and NIST 800-series frameworks; experienced in applying formal testing protocols and methodologies to assess networks, web apps, and cloud environments.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">CRTO certification required (or ability to obtain within 90 days of start date)</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">OSCP, OSCE, OSEE, GXPN, and/or GPEN are preferred, but not required.</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Willing and able to travel as needed. Up to 50% during periods of high workload</span></li></ul><p><strong>US Salary Range</strong></p><p><span style="font-weight: 400;">$120,000 - 150,000k USD</span></p><p><span style="font-weight: 400;">The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Additionally, SIXGEN offers top-tier benefits for full-time employees, including:</span></p><ul><li style="font-weight: 400;"><span style="font-weight: 400;">Employer-paid health insurance premiums (medical, dental, vision) for you and your family </span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Employer-paid short/long term disability insurance and basic life/AD&D insurance</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">401K with a 4% employer contribution</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Professional development reimbursement options available (training, certification, education, etc)​</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Flexible and remote work policies for most positions</span></li><li style="font-weight: 400;"><span style="font-weight: 400;">Flexible PTO and holiday schedule</span></li></ul><p><span style="font-weight: 400;">SIXGEN is an Equal Opportunity Employer. We ensure that all applicants are considered for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.</span></p><p><span style="font-weight: 400;">We are committed to fostering an inclusive culture that values diversity in our people, reflecting the communities we serve and our customer base. We strive to attract and retain a diverse talent pool and create an environment where everyone is empowered to be their authentic selves at work.</span></p><p data-start="2136" data-end="2377"> </p>