Red Team Lead

The Mandiant Security team ensures the protection of the company’s people, systems, and data by providing talented, passionate, and specialized security expertise. We are looking for motivated team members with strong penetration testing, security validation or red team skills to help us leverage threat intelligence led and scenario-based assessments against our corporate assets.

At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on technical opportunities daily. We help our company protect its most sensitive and valuable data through comprehensive and real-world scenario emulation, based off the most up-to-date threat intelligence. You will have the opportunity to work with some of the best security minds in the world, grow your technical and soft skills, and contribute to a company on a mission to secure our customers and communities. Are you ready for the challenge?

What You Will Do: 

• • Perform network penetration, web application testing, cloud service testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
  • Develop reports and presentations for both technical and management audiences
  • Effectively communicate findings and remediations to stakeholders including technical staff and management
  • Recognize and safely utilize attacker tools, tactics, and procedures
  • Develop scripts, tools, or methodologies to enhance Mandiant Security’s red teaming and pen testing processes
  • Assist with scoping engagements and leading engagements from kickoff through reporting

Minimum Requirements: 

• • 2-5 years' experience in software development and engineering
  • Experience with shell scripting or automation of simple tasks using Python, Ruby, or Powershell
  • Experience developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
  • Understanding of network protocols and data on the wire
  • Understanding of the Unix/Linux/Mac/Windows operating systems
  • Knowledge of security controls and detection techniques
  • Knowledge of tools used for cloud, wireless, web application, and network security testing
  • Must be eligible to work in the US without sponsorship

Desired Qualifications: 

• • 1-3 years' experience in at least three of the following:
    • Network penetration testing and manipulation of network infrastructure
    • Mobile and/or web application assessments
    • Cloud penetration testing and assessments of AWS, Azure, and/or SaaS platforms
    • Knowledge of persistence toolkits and red team infrastructure
    • Email, phone, or physical social-engineering assessments
    • Source code review for control flow and security flaws
    • Reverse engineering malware, data obfuscators, or ciphers
    • Developing, extending, or modifying exploits, shellcode or exploit tools

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This role is regionally based and must be located on the East coast.