Advanced Red Team Operator

Geospatial And Cloud Analytics Inc

Norfolk, VA
Full Time
Paid
Responsibilities

The Advanced Red Team Operator leads and executes complex penetration testing and red team operations in support of OPTEVFOR Cyber Operational Test & Evaluation (OT&E). The role provides technical leadership across planning, preparation, execution, and post-test activities; mentors and directs basic and intermediate operators; and ensures compliance with OPTEVFOR policies, DoD guidance, and DCAT authorization requirements.

Qualifications

  • Offensive Security Certified Professional (OSCP) or equivalent offensive cybersecurity certification
  • Minimum of six (6) years of experience performing penetration testing, red teaming, and/or exploitation development
  • Proficiency with multiple offensive cyber tools, including:
      • Metasploit
      • Cobalt Strike
      • Core Impact
      • Burp Suite
      • Nessus
      • SharpHound
  • Demonstrated ability to detect malicious program activity using dynamic analysis techniques
  • Ability to independently plan and execute penetration testing and red team activities to accomplish assigned test objectives
  • Minimum of six (6) years of demonstrated experience leading red team operators to accomplish assigned test objectives

Key Responsibilities

Policy, Procedures, and Governance

  • Become proficient in and ensure adherence to OPTEVFOR Cyber T&E CONOPS, SOPs, policies, and guidance
  • Maintain and contribute to development of 01D SOPs and technical documentation supporting DCAT authorization in accordance with DoDI 8585.01
  • Research, review, prioritize, and submit operational requirements for acquisition of cyber tools and capabilities in accordance with the 01D tool approval process
  • Lead development and execution of tactics, techniques, and procedures (TTPs) for penetration testing and red team operations
  • Research adversary cyber actors’ TTPs, organizational structures, capabilities, personas, and operating environments, integrating findings into cyber survivability test planning and execution

Test Planning

  • Lead and participate in OPTEVFOR cyber test planning activities, including:
      • Conducting open-source research and reviewing system-under-test (SUT) documentation to understand mission, architecture, interfaces, and critical components
      • Identifying attack surfaces and threat vectors
      • Participating in checkpoint meetings
      • Guiding development of cyber test objectives
      • Reviewing test plans to ensure objectives are feasible, comprehensive, and executable
      • Participating in test planning site visits

Test Preparation

  • Lead preparation activities for cyber OT&E events, including:
      • Participation in site pre-test coordination visits and support of test site in-briefs
      • Leading red team test plan reviews
      • Adding relevant system technical information to the test reference library
      • Organizing and leading research briefings focused on advanced capability development for future tests
      • Preparing OPTEVFOR Red Team (OPTEV-RT) Government-furnished test assets

Test Execution

  • Lead execution of assigned cyber test events, including Cooperative Vulnerability Penetration Assessments, Adversarial Assessments, and Cyber Tabletop exercises, in support of Operational Testing, Developmental Testing, risk-reduction events, and other assigned efforts
  • Employ OPTEVFOR-provided and NAO-approved commercial and open-source cyber assessment tools, including but not limited to: Core Impact, Nmap, Burp Suite, Metasploit, Nessus
  • Apply ethical hacking techniques to exploit discovered vulnerabilities and misconfigurations across:
      • Operating systems (Windows, Linux, Unix)
      • Network protocols and services (HTTP, FTP, DNS, PKI, HTTPS)
  • Execute testing independently while providing technical direction and oversight to Basic and Intermediate operators
  • Ensure all testing is conducted safely, in accordance with approved test plans and OPTEVFOR policies
  • Adhere to JFHQ-DoDIN deconfliction procedures
  • Verify accuracy and completeness of collected test data

Post-Test and Continuous Improvement

  • Participate in the post-test iterative process, including generation of deficiency and risk documentation
  • Document lessons learned and drive continuous improvement across red team operations
  • Generate and update documentation required to maintain DCAT authorization compliance in accordance with DoDI 8585.01
  • Participate in capture-the-flag events, cyber off-sites, red team huddles, and technical exchange meetings; develop supporting products and materials
  • Attend OPTEVFOR-required meetings in support of OT&E activities

DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)

Skills

  • Assessing existing tools to identify capability gaps and improvement opportunities
  • Testing and evaluating cyber tools for operational implementation
  • Knowledge management and technical documentation (e.g., wiki-based documentation)
  • Processing exfiltrated data for analysis and dissemination
  • Evaluating and validating locally developed tools for operational use
  • Ability to collaborate with development organizations to create, adapt, and deploy tools required to achieve operational objectives
  • Ability to develop new techniques for gaining, maintaining, and extending access to target systems

Knowledge

  • Active defense methodologies and system hardening techniques
  • Encryption algorithms and cyber tools (e.g., TLS, PGP)
  • Evasion strategies and exploitation techniques
  • Forensic implications of operating system structures and processes
  • Host-based security products and their impact on exploitation
  • Network administration, construction, and topology
  • Security hardware and software options and their effects on exploitation artifacts
  • Security implications of software configurations
  • Digital forensics fundamentals to extract actionable intelligence
  • Cryptologic capabilities, limitations, and contributions to cyber operations
  • Unix/Linux and Windows operating system internals (process management, directory structures, installed applications)
  • Network collection procedures, including decryption techniques and tools
  • Deconfliction reporting processes, including coordination with external organizations