A successful Application Penetration Tester working as a Red Team consultant at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, vulnerability discovery and analysis, as well as exploit development.
This job requires strong critical thinking skills and an analytical mindset. The career is technical and challenging, with opportunities to work in some of the most exciting areas of security consulting. A typical job could involve penetration testing of both software and hardware to breach the security of a target system, or reverse engineering an application and encryption method in order to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications, thick/thin clients, or embedded devices and can present your findings in a digestible manner while demonstrating strong analytical skills, then you’re the type of consultant we’re looking for.
At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data by using real-world application penetration testing methodologies and by ensuring our consultants are up-to-date with the latest trends and techniques. Your ability to bring and utilize these skill sets is only the beginning, as you will be expected to continue to digest new information from both your peers and the greater security community to further enhance your skill sets and knowledge.
You are expected to quickly assimilate new information with respect to the latest technologies, as you will assess new applications on a weekly or monthly basis. You will be expected to understand all the threat vectors and the attack surface of each application to properly assess them. You will get to work with some of the best red teamers in the industry, which will help you develop new skills as you progress through your career. Are you up to the challenge?
- Perform web and mobile application testing, source code reviews, thick/thin application testing, and embedded device testing
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to enhance Mandiant’s application penetration testing processes
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
- 4-7 years' experience in at least two of the following, or demonstrated above-average ability in one of the following:
  - Web Application Assessments
  - Mobile Application Assessments
  - Thick/Thin Application Assessments
  - Embedded Devices Assessments (IoT)
  - Source Code Review
  - Reverse Engineering
- Additional skill sets or experience should include four or more of the following:
- Participation in web hacking challenges, competitions or bug bounties
- Development of tools or plugins used to conduct testing and analysis
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby
- Developing applications in C#, ASP, .NET, Objective-C, Go, or Java (J2EE)
- Reverse engineering malware, data obfuscators, or ciphers
- Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms
- Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
- Mastery of Unix/Linux/Mac/Windows operating systems, including bash or other programming languages
- Must be eligible to work in the US without sponsorship
- Ability to travel up to 30%
- Ability to successfully interface with clients (internal and external)
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance own time among multiple tasks, and lead junior staff when required
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire. At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Minimum Salary: 100,900.00. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant’s Compensation Committee, and vesting terms.
Benefits: Whether you are just starting your career, reaching a milestone, or gearing up for retirement, we offer plans and programs to keep you happy and healthy at any stage of life. We regularly evaluate our options to make sure they’ve got everything you need. Part of what makes Mandiant great is our diverse team, and we’ve made it our priority to provide benefits that support you on your individual journey at work and at home. Mandiant subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.