Listing Description
To ensure fastest possible review of your application, please apply via this link: https://smrtr.io/4bgzD
Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.
In this role, the candidate is expected to be able to conduct hands-on penetration testing beyond automated tool validation, conduct scenario-based and functional security testing during authenticated and unauthenticated testing, assess associated coding against well established and universally accepted best practices, develop comprehensive and accurate reports and presentations for both technical and executive audiences, communicate findings and strategy to client stakeholders and technical staff, and assist with remediation activities during testing.
Qualifications:
Top Secret clearance with SCI eligibility and the ability to undergo polygraph (if client requested)
Bachelor’s degree in an IT-related field or equivalent experience
Twelve years (12+) years of cyber security experience; Ten years (10+) years of experience in a penetration testing role, including:
Internal and external network penetration testing and manipulation of network infrastructure
Mobile and/or web application assessments
Email, phone or physical social engineering assessments
Shell scripting or automation of simple tasks using Perl, Python or Ruby
Knowledge of automated validation tools such as Verodin
Crown jewels of High Value Asset (HVA) assessments
Familiarity with application DevOps concepts, tools, and technologies
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell
Knowledge of applications, database, Web server design, HTML, and implementation
Validate security weaknesses, research known attacks, develop custom tools and exploits, etc.
Understanding of Internet (HTTP, FTP, etc.) and network (SMB, TCP/IP, etc.) protocols
Knowledge of open security testing standards and projects, including OWASP
Experience with internal/external/web application penetration testing
Thorough understanding of network protocols, data on the wire and covert channels
Expertise consulting with executive and senior-level clients to define needs and issues, developing requirements and analyzing findings to recommend solutions
Superior interpersonal, communication, presentation and writing skills
Additional Qualifications:
Ability to travel up to 30%
Experience developing, extending or modifying exploits, shellcode or exploit tools
Experience developing applications in C#, ASP, .NET or Java (J2EE) desired
Experience reverse engineering malware, data obfuscators or ciphers
Assess compliance posture against regulatory requirements such as NIST SP 800-53, ATT&CK Mitre Framework, CSF, OWASP ASVS, and ISO 27001 desired
Experience performing database assessments including configuration, access controls, patch compliance and penetration testing desired
Offensive Security Certified Professional (OSCP), Offensive Security Certified Engineer (OSCE), Offensive Security Web Expert (OSWE), and/or SANS GIAC Web Application Penetration Tester (GWAPT) Certification desired.Perform Mandiant Validation using Verodin and perform various RTO, network penetration, web application testing, threat analysis, wireless network assessments and social engineering assessments
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Effectively communicate findings and strategy to customer stakeholders, including technical staff, executive leadership and legal counsel
Recognize and safely utilize attacker tools, tactics and procedures
Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
Ability to lead penetration tests and security assessments from kickoff through remediation, mentoring less experienced staff
Listing Details
- Citizenship: Top Secret
- Incentives: Both
- Education: No Requirements
- Travel: Travel 25
- Telework: No Telecommute