- Minneapolis, MN, USA
FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,000 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.
A successful FireEye/Mandiant Prinicpal Red Team Consultant should possess a deep understanding of information security and computer science and have experience leading a team of highly technical red teamers. They should understand advanced Red Team concepts such as performing covert operations against complex networks while remaining entirely undetected, advanced application manipulation, and basic programming concepts. FireEye/Mandiant Red Team managers are expected to be as technical as the consultants they manage and will assist on the most difficult engagements. A typical engagement could be breaking into a segmented secure zone at a Fortune 500 bank, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. If you can operate at scale while remaining stealthy, identify and abuse misconfigurations in network infrastructure, and manage a team of highly skilled, technical individuals, then this is the job for you.
FireEye/Mandiant Red Team Principals are the lead project managers for all offensive engagements. This includes scoping prospective engagements, managing team metrics, establishing quarterly goals team growth, conducting performance reviews and 1:1 meetings, scheduling resources for projects, managing multiple projects from kickoff to completion, and delivering executive out-briefs. Managers are vital to the project lifecycle and must be able to deliver successful projects with little to no oversight.
At FireEye, you'll be working and managing some of the best experts in the industry and faced with complex problem-solving opportunities daily. We help our clients protect their most sensitive and valuable data through comprehensive and real-world assessments. The objective doesn't end at gaining "domain admin" or "root"; this is expected and is only a means to an objective.
You are expected to quickly assimilate new information as you will face new client environments on a weekly or monthly basis. You will be expected to understand all the threat vectors to each environment and properly assess them. You will get to work with and manage some of the best red teamers in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?
- Manage consulting engagements, with a focus on advanced Red Team operations and penetration tests. Provide both subject matter expertise and project management experience to serve as the "point person" for engagements
- Bachelor's degree in a technical field or equivalent experience
- Minimum five (5) years of experience leading or managing technical teams
- Assist with scoping prospective engagements, participating in engagements from kickoff through completion, and mentoring less experienced staff
- Polished presentation skills, to include capabilities at technical, executive, and board levels
- Identify, market, and develop new and pull-through business opportunities
- Articulate FireEye & Mandiant's combined capabilities in marketing discussions, proposal efforts, and capability briefings
- Supervise staff, provide feedback and coaching, and grow their technical and consulting skills
- Improve Mandiant's business processes and red team methodologies.
- Bachelor's degree in a technical field
- 5-8 years' experience in at least three of the following:
- Network penetration testing and manipulation of network infrastructure
- Mobile and/or web application assessments
- Email, phone, or physical social-engineering assessments
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
- Reverse engineering malware, data obfuscators, or ciphers
- Source code review for control flow and security flaws
- Strong knowledge of tools used for wireless, web application, and network security testing
- Ability to manage multiple projects and manage tight deadlines
- Prior training and public speaking engagement experience
- Ability to travel up to 20%
- Ability to successfully interface with clients (internal and external)
- Ability to prepare and review customized contracts for security consulting services
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance own time among multiple tasks, and lead junior staff when required
- Thorough understanding of network protocols, data on the wire, and covert channels
- Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
- Must be eligible to work in the US without sponsorship
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.