Maplesoft Group is currently seeking an IT Security VA Specialist (Tactical Cyber) for our Federal Government client.

Tasks and Responsibilities include, but are not limited to the following:
 
1 Lead Red Team operations;
2 Develop and deploy TD5 and above level TTPs in support of cyber exercises and testing;
3 Develop and deploy TD5 and above level tooling in support of cyber exercises and testing;
4 Undertake engagements that may perform penetration testing against a system of 
networked devices from an advanced threat actor perspective;
5 Undertake engagements that may perform penetration testing against a single device 
including the assessment of Operating Systems and Firmware from an advanced threat 
actor perspective;
6 Undertake engagements that may perform reverse engineering and penetration testing 
against a single endpoint application from an advanced threat actor perspective;
7 Undertake engagements that may perform penetration testing against hosted web 
applications or mobile device applications from an advanced threat actor perspective;
8 Undertake engagements that may perform penetration testing against wireless systems or 
devices such as WiFi or Bluetooth from an advanced threat actor perspective;
9 Undertake engagements that may perform penetration testing that focuses on identifying 
and validating vulnerabilities associated with physical security as well as employee’s ability 
to follow documented policies, procedures, and best practices;
10 Undertake engagements that may perform Vulnerability Assessments (VA) using a wide 
variety of tools;
11 Perform intelligence impact assessments on devices and systems as they effect the client and 
its allies;
12 Use network discovery and scanning tools to perform port and service scanning, service 
enumeration and vulnerability scanning;
13 Develop a framework for tactical cyber range operations for training new operators;
14 Attempt to exploit any discovered vulnerabilities. This may include attempts to guess or 
crack passwords or to gain access to encrypted information using tactics such as private 
key theft and cryptographic downgrade attacks;
15 Execute the agreed upon misuse cases against the System under Test (SUT) in order to 
study its behaviour to uncover weaknesses and attempt to exploit those weaknesses in 
order to gain unauthorized access to information system and assets;
16 Produce a Security Engineering Validation (SEV) report that enumerates all findings 
discovered as part of the assessment. Each finding includes a description of the 
vulnerability, the technical impact of the vulnerability if exploited, the probability that a 
sufficiently skilled threat actor could exploit the vulnerability, as well as recommendations 
expressed as additional security controls that could mitigate the vulnerability. Lastly, 
provide a severity rating for each finding based on the above information;
17 Provide a briefing to the client to discuss the findings including the recommended 
mitigations;
18 Perform advanced security research on targeted solutions focusing on intelligence impact;
19 Develop weaponized proof-of-concept exploits for existing and newly discovered 
vulnerabilities;
20 Develop cyber collateral damage assessments for exploited vulnerabilities and offensive 
tools;
21 Provide security advice from a tactical and intelligence offensive perspective; conduct 
security related research; maintain a tactical cyber operations lab environment for the 
development of customized penetration testing tools and capabilities; and perform 
offensive security demonstrations;
22 Remain abreast of newly disclosed vulnerabilities and assess the potential impact on the 
department’s information systems. This may include analysing exploit code, including 
proof-of-concept code, to develop a better understanding of the vulnerability and the 
conditions by which the vulnerability may be exploited;
23 Develop OPSEC safe agent code to augment existing capabilities;
24 Triage vulnerabilities with the equity review board to determine appropriate course for any 
equities discovered;
25 Provide assistance to the client as well as other Cyber related units;
26 Design and develop opposing force attack scenarios for Cyber Training exercises such as 
the FVEYs Cyber Flag, Cyber Exercise (CyberX) initiatives;
27 Provide end-of-day as well as end-of-exercise briefings to training exercise participants to 
ensure participants achieve maximum benefit;
28 Develop penetration testing tutorials for use as training materials for SEV, CFNOC, or 
other Cyber related units;
29 Assess existing offensive security tool set and make recommendations to improve and 
modernize the tool set; and
30 Identify gaps in the existing SEV OCO capabilities, services, technologies and tools; and
31 Design and implement CTF and training exercises with tactical cyber operations and 
intelligence content.


Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people.  Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.

Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans’ status, Aboriginal peoples or any other legally protected factors. 

All employment decisions are made based on business needs, job requirements, and individual qualifications. 

We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at info@maplesoftgroup.com.

We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.