Yesterday
Secret
Senior Level Career (10+ yrs experience)
Unspecified
No Traveling
IT - Security
Va Bch, VA (On-Site/Office)
This position is contingent upon funding with an expected start date of December 2025
SECRET Clearance required
SRG is seeking a skilled developer to create and sustain tools for analyzing and exploiting protocol and service vulnerabilities, including C2 frameworks. The role involves working with protocols like DNS, HTTP/S, WebSockets, and SMB; implementing STIGs; debugging software; and using code analysis tools. Candidates should be proficient in languages such as C# (.NET), C, C++, Python, Go, Rust, and Assembly, and experienced with Agile/DevSecOps, version control, and containerization tools like Docker and PyEnv.
On-site only, no telework.
Position Responsibilities:
Develop, test, and sustain tools used for analyzing protocol and service vulnerabilities.
Recommend and build frameworks to exploit vulnerabilities in various protocols and services.
Develop proof-of-concept code to build or tailor exploits, especially for Command and Control (C2) tools.
Work with communication protocols such as DNS, HTTP/S, WebSockets, and SMB.
Perform Security Technical Implementation Guide (STIG) implementations.
Debug and resolve software issues.
Utilize code analysis tools to assess software functionality and security.
Employ version control systems for efficient software development and collaboration.
Develop and test exploits based on proposed and U.S. Government-approved frameworks.
Follow the complete software development life cycle, including requirements gathering, design, coding, testing, and maintenance.
Work within Agile and DevSecOps software development models.
Write scripts and develop software in one or more of the following languages: C# (.NET), C, C++, Python, Go, Rust, Assembly (highly preferred).
Leverage containerization technologies such as Docker and virtual environments like PyEnv.
Required Qualifications:
Active DOD Secret security clearance
10 years of experience and a Bachelor of Science in Computer Science, Computer Engineering or related field or 8 years of relevant experience and an MS.
DoD Approved 8570 Baseline Certification: Category IASAE Level III (One of the Following):
CISSP-ISSAP
CISSP-ISSEP
CCSP
At least 10 years of full-time experience in software development.
Proven experience in the development, testing, and sustainment of tools for vulnerability analysis.
Expertise in communication protocols like DNS, HTTP/S, WebSockets, and SMB.
Solid experience in debugging, code analysis, and version control systems.
Familiarity with STIG implementation and security best practices.
Proficiency in scripting or developing in languages such as C#, C, C++, Python, Go, Rust, and Assembly.
Experience with containerization (e.g., Docker) and software virtual environments.
SECRET Clearance required
SRG is seeking a skilled developer to create and sustain tools for analyzing and exploiting protocol and service vulnerabilities, including C2 frameworks. The role involves working with protocols like DNS, HTTP/S, WebSockets, and SMB; implementing STIGs; debugging software; and using code analysis tools. Candidates should be proficient in languages such as C# (.NET), C, C++, Python, Go, Rust, and Assembly, and experienced with Agile/DevSecOps, version control, and containerization tools like Docker and PyEnv.
On-site only, no telework.
Position Responsibilities:
Develop, test, and sustain tools used for analyzing protocol and service vulnerabilities.
Recommend and build frameworks to exploit vulnerabilities in various protocols and services.
Develop proof-of-concept code to build or tailor exploits, especially for Command and Control (C2) tools.
Work with communication protocols such as DNS, HTTP/S, WebSockets, and SMB.
Perform Security Technical Implementation Guide (STIG) implementations.
Debug and resolve software issues.
Utilize code analysis tools to assess software functionality and security.
Employ version control systems for efficient software development and collaboration.
Develop and test exploits based on proposed and U.S. Government-approved frameworks.
Follow the complete software development life cycle, including requirements gathering, design, coding, testing, and maintenance.
Work within Agile and DevSecOps software development models.
Write scripts and develop software in one or more of the following languages: C# (.NET), C, C++, Python, Go, Rust, Assembly (highly preferred).
Leverage containerization technologies such as Docker and virtual environments like PyEnv.
Required Qualifications:
Active DOD Secret security clearance
10 years of experience and a Bachelor of Science in Computer Science, Computer Engineering or related field or 8 years of relevant experience and an MS.
DoD Approved 8570 Baseline Certification: Category IASAE Level III (One of the Following):
CISSP-ISSAP
CISSP-ISSEP
CCSP
At least 10 years of full-time experience in software development.
Proven experience in the development, testing, and sustainment of tools for vulnerability analysis.
Expertise in communication protocols like DNS, HTTP/S, WebSockets, and SMB.
Solid experience in debugging, code analysis, and version control systems.
Familiarity with STIG implementation and security best practices.
Proficiency in scripting or developing in languages such as C#, C, C++, Python, Go, Rust, and Assembly.
Experience with containerization (e.g., Docker) and software virtual environments.
group id: 91127911
