Sign upLog in

Avionics Penetration Tester - Midlevel

Astrion

Edwards AFB, California

Apply
JOB DETAILS
SALARY
$120,000–$140,000 Per Year
SKILLS
(XSS) Cross Site Scripting, Acceptance Testing, Air Force, Air Traffic Control (ATC), Aircraft Maintenance, Analysis Skills, Antivirus, Applications Security, Aviation Industry, Avionics, Bash Scripting, Best Practices, Communication Skills, Communications Protocols, Computer Security, Conferences, Cryptography, Cryptography Algorithms, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), Digital Signatures, DoD Directive 8140, DoD Directive 8570, Editing, Embedded Systems, Endpoint Security, Federal Government, Firewalls, Flight Navigation, GPS (Global Positioning System), IAT - Information Assurance Technical, ISSEP - Information Systems Security Engineering Professional, Industry Standards, Injections, Internet Application, Internet Security, Intrusion Detection Systems, Intrusion Detection and Prevention (IDP), Metasploit, Microsoft Active Directory, Military Operations, Military/DoD Standards, Multiplatform/Cross-Platform, NMap, Nessus, Network Administration/Management, Network Architecture/Engineering, Network Protocols, Network Routers, Network Switching, Network Testing, Penetration Testing, PowerView, Python Programming/Scripting Language, Quality Assurance Methodology, Radio Frequency, SSL-TLS (Secure Socket Layer - Transport Layer Security), Scripting (Scripting Languages), Secret Clearance, Security Analysis, Sensitive Compartmented Information (SCI), Spectrum Analyzers, TCP/IP (Transmission Control Protocol/Internet Protocol), Technical Writing, Test Plan/Schedule, Test Tools, Testing, Top Secret Clearance, U.S. National Institute of Standards and Technology (NIST), United States Citizen, United States Department of Defense (DoD), VLAN (Virtual Local Area Network), VPN (Virtual Private Network), Willing to Travel, Windows PowerShell, Wireshark (Ethereal)
LOCATION
Edwards AFB, California
POSTED
30+ days ago
Overview:

Avionics Penetration Tester – Mid-Level - TGEE

LOCATION: Edwards AFB, CA

Salary Range: Estimated $120,000.00 USD - $140,000.00 USD annually 

JOB STATUS: Full-time

CLEARANCE: Secret

CERTIFICATION: See Below

TRAVEL: 20%

 

 

 

Astrion has an exciting opportunity for an SE-3 Cybersecurity Penetration Tester for the TMAS 2 96 CTG Task Order, supporting the 48 CTS / TGEE.  The 48th CTS/Det 1 conducts Cyber Security Test & Evaluation of Embedded Avionics & Weapons Systems for multiple platforms within the Air Force. 

 

 

REQUIRED QUALIFICATIONS / SKILLS

 

Core qualifications

  • Technical BS Degree and 3-10 years of applicable experience. Additional experience may be substituted for education.
  • Active Secret clearance is required and must be able to obtain/maintain a Top Secret clearance. U.S. Citizenship is required.
  • Must have or be able to obtain DOD 8140 IAT Level 3 certification (CASP, CISSP, ISSEP, etc.) within 6 months of hire, and maintain certification throughout employment.

And

  • Prior understanding of aircraft avionics navigation, communication, and datalinks is desired (GPS, ACARS, Mode-S, Link-16, and etc.)
  • Proficiency in analyzing and/or manipulating avionics communication protocols, such as ARINC 429, MIL-STD-1553.
  • Military aircraft operations, maintenance, test or acquisition experience is desired.
  • Prior knowledge and applicable experience using various RF testing tools such as HackRF, SDR’s, spectrum analyzers, and Wireshark.
  • Knowledge of common vulnerabilities and attack vectors in aviation systems, including but not limited to buffer overflows, injection attacks, and protocol manipulation.
  • Understanding of aircraft network architectures, including intra-aircraft networks and inter-aircraft networks (e.g., Air Traffic Management Data Link, Aircraft Communications Addressing and Reporting System).
  • Understanding of cryptographic principles and their application in aviation security, including key management, encryption algorithms, and digital signatures.

Or

  • Familiarity with industry-standard frameworks and methodologies for conducting penetration tests, such as OWASP Testing Guide and NIST SP 800-115
  • Knowledge of endpoint security technologies and techniques, such as antivirus, host-based intrusion detection/prevention systems (HIDS/HIPS), and privilege escalation exploits.
  • Experience in identifying and exploiting security vulnerabilities in web applications, including injection flaws, cross-site scripting (XSS), and insecure direct object references (IDOR).
  • Familiarity with common networking protocols and technologies, such as TCP/IP, DNS, DHCP, VLANs, VPNs, and SSL/TLS.
  • Proficiency in conducting vulnerability assessments and penetration tests on network infrastructure, including routers, switches, firewalls, and servers.
  • Ability to effectively communicate technical findings and recommendations to both technical and non-technical stakeholders through detailed reports and presentations.
  • Prior experience with the use of enterprise penetration test tools. (nmap, Nessus, BurpSuite, Hydra, Metasploit, BloodHound.)
  • Continuous learning and staying updated with the latest security trends, vulnerabilities, and attack techniques through self-study, training, and participation in industry conferences and events.
  • Experience with python, bash, and PowerShell scripts
  • Capable of rewriting preexisting scripts, tools, or exploits to work on target systems.
  • Conduct penetration tests on Active Directory environments, leveraging tools like BloodHound and PowerView for reconnaissance and enumeration, to identify vulnerabilities and attack paths.
  • Execute advanced attack techniques, including pass-the-hash and golden ticket attacks, to assess the effectiveness of Active Directory security controls and simulate real-world threat scenarios.
  • Provide actionable recommendations and remediation strategies to improve the security posture of Active Directory infrastructures, emphasizing best practices such as least privilege principles and strong password policies.
  • Demonstrate the ability to complete a CTF if requested

 

DESIRED QUALIFICATIONS / SKILLS

 

  • Bachelor’s Degree in either Engineering or Cybersecurity related Discipline desired.
  • Active TS/SCI preferred.
  • OSCP, CPTS, PNPT certifications desired.
  • Prior understanding of aircraft avionics navigation, communication, and datalinks is desired (GPS, ACARS, Mode-S, Link-16, and etc.)

 

RESPONSIBILITIES

  • Execute test projects and program objectives with various DoD and federal agency customers
  • Review technical documentation related to Avionics Embedded Systems and RF datalinks and identify potential design shortfalls that might result in a cybersecurity weakness
  • Develop test corpus and test plans to validate the presence of weaknesses
  • Analysis data from test events and present this data in a coherent and accurate manner for the customer
  • Work with operational testers and pilots to identify vulnerabilities which might affect the cyber resiliency of the platform for a given mission
  • Assist with developing cyber contested environments to demonstrate the resiliency of the platform under test

#LI-AD1

#CJ

About the Company

A

Astrion

We are the transformative evolution of two prominent government services firms, ERC and Oasis Systems, each bringing with them a rich legacy of dedicated service to our nation’s Defense and Federal communities.

The company brings together 2,800 employees focused on Cybersecurity, Digital Solutions, Mission Support, and Systems Engineering serving customers in more than 36 states across the U.S. with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA.

Our resources, deep expertise, and adaptable solutions will enable us to scale and expand development and engineering capabilities for Defense and Federal communities.

COMPANY SIZE
2,500 to 4,999 employees
INDUSTRY
Other/Not Classified
WEBSITE
https://astrion.us/about-us/

Resume Resources

Free Resume TemplatesFree Resume Builder