Job Description

The Advanced Red Team Operator leads and executes complex penetration testing and red team operations in support of OPTEVFOR Cyber Operational Test & Evaluation (OT&E). The role provides technical leadership across planning, preparation, execution, and post-test activities; mentors and directs basic and intermediate operators; and ensures compliance with OPTEVFOR policies, DoD guidance, and DCAT authorization requirements.



Qualifications


  • Offensive Security Certified Professional (OSCP) or equivalent offensive cybersecurity certification

  • Minimum of six (6) years of experience performing penetration testing, red teaming, and/or exploitation development

  • Proficiency with multiple offensive cyber tools, including:

    • Metasploit

    • Cobalt Strike

    • Core Impact

    • Burp Suite

    • Nessus

    • SharpHound



  • Demonstrated ability to detect malicious program activity using dynamic analysis techniques

  • Ability to independently plan and execute penetration testing and red team activities to accomplish assigned test objectives

  • Minimum of six (6) years of demonstrated experience leading red team operators to accomplish assigned test objectives

Key Responsibilities
Policy, Procedures, and Governance

  • Become proficient in and ensure adherence to OPTEVFOR Cyber T&E CONOPS, SOPs, policies, and guidance

  • Maintain and contribute to development of 01D SOPs and technical documentation supporting DCAT authorization in accordance with DoDI 8585.01

  • Research, review, prioritize, and submit operational requirements for acquisition of cyber tools and capabilities in accordance with the 01D tool approval process

  • Lead development and execution of tactics, techniques, and procedures (TTPs) for penetration testing and red team operations

  • Research adversary cyber actors’ TTPs, organizational structures, capabilities, personas, and operating environments, integrating findings into cyber survivability test planning and execution

Test Planning
  • Lead and participate in OPTEVFOR cyber test planning activities, including:

    • Conducting open-source research and reviewing system-under-test (SUT) documentation to understand mission, architecture, interfaces, and critical components

    • Identifying attack surfaces and threat vectors

    • Participating in checkpoint meetings

    • Guiding development of cyber test objectives

    • Reviewing test plans to ensure objectives are feasible, comprehensive, and executable

    • Participating in test planning site visits


Test Preparation
  • Lead preparation activities for cyber OT&E events, including:

    • Participation in site pre-test coordination visits and support of test site in-briefs

    • Leading red team test plan reviews

    • Adding relevant system technical information to the test reference library

    • Organizing and leading research briefings focused on advanced capability development for future tests

    • Preparing OPTEVFOR Red Team (OPTEV-RT) Government-furnished test assets


Test Execution

  • Lead execution of assigned cyber test events, including Cooperative Vulnerability Penetration Assessments, Adversarial Assessments, and Cyber Tabletop exercises, in support of Operational Testing, Developmental Testing, risk-reduction events, and other assigned efforts

  • Employ OPTEVFOR-provided and NAO-approved commercial and open-source cyber assessment tools, including but not limited to:
    • Core Impact, Nmap, Burp Suite, Metasploit, Nessus


  • Apply ethical hacking techniques to exploit discovered vulnerabilities and misconfigurations across:

    • Operating systems (Windows, Linux, Unix)

    • Network protocols and services (HTTP, FTP, DNS, PKI, HTTPS)



  • Execute testing independently while providing technical direction and oversight to Basic and Intermediate operators

  • Ensure all testing is conducted safely, in accordance with approved test plans and OPTEVFOR policies

  • Adhere to JFHQ-DoDIN deconfliction procedures

  • Verify accuracy and completeness of collected test data

Post-Test and Continuous Improvement

  • Participate in the post-test iterative process, including generation of deficiency and risk documentation

  • Document lessons learned and drive continuous improvement across red team operations

  • Generate and update documentation required to maintain DCAT authorization compliance in accordance with DoDI 8585.01

  • Participate in capture-the-flag events, cyber off-sites, red team huddles, and technical exchange meetings; develop supporting products and materials

  • Attend OPTEVFOR-required meetings in support of OT&E activities

DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)
Skills

  • Assessing existing tools to identify capability gaps and improvement opportunities

  • Testing and evaluating cyber tools for operational implementation

  • Knowledge management and technical documentation (e.g., wiki-based documentation)

  • Processing exfiltrated data for analysis and dissemination

  • Evaluating and validating locally developed tools for operational use

  • Ability to collaborate with development organizations to create, adapt, and deploy tools required to achieve operational objectives

  • Ability to develop new techniques for gaining, maintaining, and extending access to target systems

Knowledge

  • Active defense methodologies and system hardening techniques

  • Encryption algorithms and cyber tools (e.g., TLS, PGP)

  • Evasion strategies and exploitation techniques

  • Forensic implications of operating system structures and processes

  • Host-based security products and their impact on exploitation

  • Network administration, construction, and topology

  • Security hardware and software options and their effects on exploitation artifacts

  • Security implications of software configurations

  • Digital forensics fundamentals to extract actionable intelligence

  • Cryptologic capabilities, limitations, and contributions to cyber operations

  • Unix/Linux and Windows operating system internals (process management, directory structures, installed applications)

  • Network collection procedures, including decryption techniques and tools

  • Knowledge of deconfliction reporting processes, including coordination with external organizations



