Red Team Lead (TS/SCI)
- Washington, DC
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 9,000 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.
The Mandiant Consulting team is seeking a Red Team and Verodin Lead to support both federal government and commercial customers. The primary focus of this role will be to perform Verodin Mandiant validation assessments and other Red Team Operations (RTO) against customer’s infrastructure. In this role, the candidate is expected to be able to conduct hands-on penetration testing beyond automated tool validation, conduct scenario-based and functional security testing during authenticated and unauthenticated testing, assess associated coding against well established and universally accepted best practices, develop comprehensive and accurate reports and presentations for both technical and executive audiences, communicate findings and strategy to client stakeholders and technical staff, and assist with remediation activities during testing.
What You Will Do:
- Perform Mandiant Validation using Verodin and perform various RTO, network penetration, web application testing, threat analysis, wireless network assessments and social engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to customer stakeholders, including technical staff, executive leadership and legal counsel
- Recognize and safely utilize attacker tools, tactics and procedures
- Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
- Ability to lead penetration tests and security assessments from kickoff through remediation, mentoring less experienced staff
- Top Secret clearance with SCI eligibility and the ability to undergo polygraph (if client requested)
- Bachelor’s degree in an IT-related field or equivalent experience
- Twelve years (12+) years of cyber security experience; Ten years (10+) years of experience in a penetration testing role, including:
- Internal and external network penetration testing and manipulation of network infrastructure
- Mobile and/or web application assessments
- Email, phone or physical social engineering assessments
- Shell scripting or automation of simple tasks using Perl, Python or Ruby
- Knowledge of automated validation tools such as Verodin
- Crown jewels of High Value Asset (HVA) assessments
- Familiarity with application DevOps concepts, tools, and technologies
- Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell
- Knowledge of applications, database, Web server design, HTML, and implementation
- Validate security weaknesses, research known attacks, develop custom tools and exploits, etc.
- Understanding of Internet (HTTP, FTP, etc.) and network (SMB, TCP/IP, etc.) protocols
- Knowledge of open security testing standards and projects, including OWASP
- Experience with internal/external/web application penetration testing
- Thorough understanding of network protocols, data on the wire and covert channels
- Expertise consulting with executive and senior-level clients to define needs and issues, developing requirements and analyzing findings to recommend solutions
- Superior interpersonal, communication, presentation and writing skills
- Ability to travel up to 30%
- Experience developing, extending or modifying exploits, shellcode or exploit tools
- Experience developing applications in C#, ASP, .NET or Java (J2EE) desired
- Experience reverse engineering malware, data obfuscators or ciphers
- Assess compliance posture against regulatory requirements such as NIST SP 800-53, ATT&CK Mitre Framework, CSF, OWASP ASVS, and ISO 27001 desired
- Experience performing database assessments including configuration, access controls, patch compliance and penetration testing desired
- Offensive Security Certified Professional (OSCP), Offensive Security Certified Engineer (OSCE), Offensive Security Web Expert (OSWE), and/or SANS GIAC Web Application Penetration Tester (GWAPT) Certification desired.
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to [email protected].