Principal Penetration Tester - Red Team (Remote Western US) @ Mandiant - San Francisco, CA

Job Overview

19 days ago

Principal Penetration Tester - Red Team (Remote Western US)

Mandiant - San Francisco, CA

Company Description


Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.


Job Description


A successful Red Team consultant at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. This is not a “press the ‘pwn’ button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a segmented secure zone at a Fortune 500 bank, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.

At Mandiant, you’ll be faced with complex problem solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real world scenario testing. The objective doesn’t end at gaining “domain admin” or “root”; this is expected and is only a starting point.

You are expected to quickly assimilate new information as you will face new client environments on a weekly or monthly basis. You will be expected to understand all the threat vectors to each environment and properly assess them. You will get to work with some of the best red teamers in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?

Responsibilities:

  • Scope prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
  • Serve as a technical lead for complex engagements
  • Develop and mentor junior staff
  • Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Recognize and safely utilize attacker tools, tactics, and procedures
  • Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
  • Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Qualifications


Requirements:

  • 7 plus years' experience in at least three of the following:
    • Network penetration testing and manipulation of network infrastructure
    • Mobile and/or web application assessments
    • Email, phone, or physical social-engineering assessments
    • Shell scripting or automation of simple tasks using Perl, Python, or Ruby
    • Developing, extending, or modifying exploits, shellcode or exploit tools
    • Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
    • Reverse engineering malware, data obfuscators, or ciphers
    • Source code review for control flow and security flaws
  • Strong knowledge of tools used for wireless, web application, and network security testing
  • Thorough understanding of network protocols, data on the wire, and covert channels
  • Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
  • Must be eligible to work in the US without sponsorship

Additional Qualifications:

  • Ability to travel up to 20%
  • Ability to successfully interface with clients (internal and external)
  • Ability to document and explain technical details in a concise, understandable manner
  • Ability to manage and balance own time among multiple tasks, and lead junior staff when required

Additional Information


At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.


Minimum Salary: $120,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations.

Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from FireEye’s Compensation Committee, and vesting terms

Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, FireEye also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. FireEye also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.

  • Disclosure as required by sb19-085 (8-5-20)

Similar Jobs

Emerging Client Portfolio Sales Engineer (Manager)

Deloitte

San Jose, CA

Working hand-in-hand with Partners, Principals and Managing Directors, these sales executives focus their highly skilled efforts in securing relationships with…

Emerging Client Portfolio Sales Engineer (Manager)

Deloitte

Sacramento, CA

Working hand-in-hand with Partners, Principals and Managing Directors, these sales executives focus their highly skilled efforts in securing relationships with…

Sales Representative

Xylem

San Francisco, CA

Identify, develop and implement local marketing strategies to expand penetration of Xylem’s products in assigned business. Must be able to lift 70+ pounds.

Sales Representative

Xylem

Sacramento, CA

Identify, develop and implement local marketing strategies to expand penetration of Xylem’s products in assigned business. Must be able to lift 70+ pounds.

Benefits Advisor

Western Growers Insurance Services

Salinas, CA

Cross-sell other WG products and services to seek a level of penetration in each account relationship. Proven ability to influence company decision makers i.e.…

Principal Cloud Security Engineer

PG&E Corporation

San Francisco, CA

Desired: Recent 1+ years of Terraform deployments and Terraform templates (Infrastructure as Code) Experience as a sysadmin in using OS platform (Linux/Unix)…

Senior Software Engineer - Application Security Engineer

Capgemini

Santa Clara, CA

Experience in web application design, penetration testing, application risk assessment and risk categorization. Leads initiatives and special projects.

Sr Business Analyst

Enquero Inc

Milpitas, CA

Ensure penetration of applications, processes, and systems to streamline supply chain outputs. We assist our happy customers across all spectrum to reimagine…

Principal Penetration Tester - Red Team (Remote Western US)

Mandiant

San Francisco, CA

Network penetration testing and manipulation of network infrastructure. Perform network penetration, web and mobile application testing, source code reviews,…

Dealer Relations Representative

SchoolsFirst FCU

Sacramento, CA

Partner with dealer Finance & Insurance, General Sales Manager's, General Manager's and dealer principals to increase month over month funded loan volume.

Senior Penetration Tester- Red Team

Accenture

Walnut Creek, CA

Understanding of application design principals. Minimum of 5 years of experience in performing network penetration testing.

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

San Francisco, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Senior Staff Cyber Offense Engineer

Databricks

San Francisco, CA

Perform penetration testing, red teaming, and vulnerability assessments of complex and critical systems. This is a Senior Staff or Senior Principal level role.

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

Walnut Creek, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Associate Account Manager

Republic Services Inc

San Francisco, CA

Increases customer penetration by selling full suite of Republic Services products. The Associate Account Manager is responsible for making outbound calls and…

Solution Manager / Solution Architect

Altais

Oakland, CA

As the Principal Product Strategist, you will be reporting to the Director of Product Strategy and Innovation, and you will be responsible for leading the…

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

Oakland, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

Pleasanton, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

Redwood City, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Senior Java Developer

SAP

Palo Alto, CA

Development of new security shared services and APIs following cloud and micro service principals. Evaluate and mitigate reported security vulnerabilities…

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

Rancho Cordova, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

San Jose, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Penetration Tester - Mid-Senior - Location Negotiable

Accenture

Sacramento, CA

A Penetration Tester would be responsible for delivering advanced level simulated attack and penetration testing engagements as well as managing teams of…

Lead/Principal Product Security Engineer

Salesforce

San Francisco, CA

You will work closely with our engineering teams to scope and implement application security reviews throughout the development cycle, including architecture…

Ad