The Exploitation Analyst serves as a subject matter expert (SME) in cyberspace operations, responsible for developing and overseeing detailed cyber Operational Test & Evaluation (OT&E) plans executed by OPTEVFOR Red Teams and other supporting organizations. The role supports cyber survivability assessments by identifying system access points, critical components, and adversarial techniques to develop executable test objectives.
The Exploitation Analyst identifies cyber capability gaps, evaluates cyber test requirements for systems under test, and researches and coordinates with DoD organizations, academia, private sector partners, and defense contractors to identify appropriate cyber capabilities and tools. Proposed test requirements are forwarded to the Government for review and approval. All duties are performed under the supervision of the OPTEVFOR 01D Future Operations Officer. Personnel in this role may support multiple programs concurrently based on planning scope and execution schedules.
The Exploitation Analyst also supports the development and maintenance of OPTEVFOR cyber survivability planning templates, documentation, and training curricula, and serves as an instructor for associated courses. Participation in OT&E working groups, technical exchanges, and meetings is required. All personnel must sign the OPTEVFOR Red Team Code of Conduct.
Security Clearance Requirement: Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI).
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, or a related technical discipline OR a minimum of five (5) years of experience supporting DoD defensive or offensive cyberspace operations planning or exploitation analysis
Demonstrated proficiency decomposing complex computer systems and network architectures in support of exploitation analysis
Proficiency with Microsoft Office applications, including Visio, Project, Excel, and PowerPoint
Proven ability to apply quality assurance and quality control (QA/QC) processes to analytical products prior to Government delivery
Excellent written and verbal communication skills, including experience briefing senior leadership (O-6 / GS-15 or above)
Key Responsibilities:
Headquarters (HQ) Support
Serve as an OPTEVFOR 01D Exploitation Analyst supporting cyber survivability policy and process oversight for warfare divisions
Become proficient in and adhere to OPTEVFOR cyber OT&E CONOPS, SOPs, policies, and guidance
Support sustainment, updates, and instruction of the OPTEVFOR Cyber Survivability Test Planning Course
Attend OPTEVFOR-required meetings in support of OT&E activities
Identify and communicate risks, issues, and challenges to the 01D Future Operations Officer in a timely manner
Participate in development and maintenance of 01D SOPs and OPTEVFOR cyber test planning documentation, including participation in the Configuration Control Board (CCB) process
Pre-Test Planning
Support development of overall cyber OT&E strategy and test scope for acquisition programs
Review and assess Test and Evaluation Master Plans (TEMP), Integrated Evaluation Frameworks (IEF), test plans, and related planning documents to ensure compliance with OPTEVFOR policy and adequacy of cyber test strategies
Adjudicate stakeholder comments related to cyber OT&E planning documentation
Support program-specific and non-program-specific T&E Integrated Product Teams (IPTs), cyber tabletop exercises, technical exchange meetings, and other planning events as assigned
Test Planning
Develop cyber survivability test plans in accordance with OPTEVFOR Cyber OT&E procedures and approved templates
Coordinate with warfare divisions and red team operators to ensure:
Test objectives are comprehensive and executable
Data collection requirements are clearly defined
Cyber capabilities are identified, resourced, and integrated prior to test plan approval
Participate in test planning visits and site surveys supporting cyber OT&E events
Test Execution
Lead preparation for test execution, including:
Participation in site pre-test coordination visits and delivery of site in-briefs
Conduct of Pre-Execution Briefs to OPTEVFOR 01D leadership
Preparation and delivery of required data libraries to test sites
Verification that all deconfliction requirements are met in accordance with JFHQ-DoDIN and Navy Cyber Defense Operations Command guidance
Lead execution of assigned cyber OT&E events, including cooperative vulnerability penetration assessments and adversarial assessments
Coordinate execution with OTDs, site personnel, program office SMEs, and supporting red teams
Ensure tests are conducted safely and in compliance with OPTEVFOR and DoD policies
Follow all JFHQ-DoDIN deconfliction procedures
Verify accuracy and completeness of collected data
Conduct daily hotwashes and submit daily summary reports to the OTD and OPTEVFOR 01D leadership
Ensure all test objectives are fully executed and documented
Post-Test Activities
Support post-test processes to ensure traceability between test objectives, collected data, and deliverables
Coordinate with the OTD to schedule post-test meetings
Participate in post-test forums, including:
Data uploads and scoring boards
OPTEVFOR 01D Review Board
Critical Operational Issue (COI) Evaluation Working Group (CEWG)
System Evaluation Review Board (SERB)
Executive SERB (E-SERB)
Lead development of final test report products, ensuring technical accuracy and compliance with OPTEVFOR Cyber OT&E procedures and templates, including:
Drafting Data Analysis Summaries and Results Enclosures
Reviewing Blue/Gold Sheets prepared by red team operators
DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)
Knowledge
Computer system architectures and physical components (CPUs, NICs, storage, peripherals)
Network addressing, routing, and protocols (IP, CIDR, TCP/UDP, SMTP)
Common networking devices and configurations (routers, switches, hubs)
Operating systems concepts (Linux, Unix)
Communications media and technologies (wired, wireless, satellite)
Cyber attack methods and techniques (e.g., DDoS, spoofing, brute force)
Malicious activity lifecycle concepts (footprinting, scanning, enumeration)
Internet and routing protocols and application behaviors
Skills & Abilities
Develop comprehensive exploitation strategies identifying technical and operational vulnerabilities
Identify, describe, and assess system and network vulnerabilities
Analyze complex systems to determine exploitable attack surfaces
Collaborate effectively across Government, contractor, and red team stakeholders
Communicate complex technical information clearly through written, verbal, and visual means
Apply QA/QC rigor to analytical products supporting senior-level decision making