FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at https://www.fireeye.com/company.html.
The Mandiant Security team ensures the protection of the company’s people, systems, and data by providing talented, passionate, and specialized security expertise. We are looking for motivated team members with strong penetration testing, security validation or red team skills to help us leverage threat intelligence led and scenario-based assessments against our corporate assets.
At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on technical opportunities daily. We help our company protect its most sensitive and valuable data through comprehensive and real-world scenario emulation, based off the most up-to-date threat intelligence. You will have the opportunity to work with some of the best security minds in the world, grow your technical and soft skills, and contribute to a company on a mission to secure our customers and communities. Are you ready for the challenge?
What You Will Do:
- Perform network penetration, web application testing, cloud service testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
- Develop reports and presentations for both technical and management audiences
- Effectively communicate findings and remediations to stakeholders including technical staff and management
- Recognize and safely utilize attacker tools, tactics, and procedures
- Develop scripts, tools, or methodologies to enhance Mandiant Security’s red teaming and pen testing processes
- Assist with scoping engagements and leading engagements from kickoff through reporting
Minimum Requirements:
- 2-5 years' experience in software development and engineering
- Experience with shell scripting or automation of simple tasks using Python, Ruby, or Powershell
- Experience developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
- Understanding of network protocols and data on the wire
- Understanding of the Unix/Linux/Mac/Windows operating systems
- Knowledge of security controls and detection techniques
- Knowledge of tools used for cloud, wireless, web application, and network security testing
- Must be eligible to work in the US without sponsorship
Desired Qualifications:
- 1-3 years' experience in at least three of the following:
- Network penetration testing and manipulation of network infrastructure
- Mobile and/or web application assessments
- Cloud penetration testing and assessments of AWS, Azure, and/or SaaS platforms
- Knowledge of persistence toolkits and red team infrastructure
- Email, phone, or physical social-engineering assessments
- Source code review for control flow and security flaws
- Reverse engineering malware, data obfuscators, or ciphers
- Developing, extending, or modifying exploits, shellcode or exploit tools
By: Onkar