FireEye Inc. Principal Penetration Tester- Red Team in Denver, Colorado

Position Title: Principal Penetration Tester- Red TeamLocation: Denver, COThe Company:FireEye is the intelligence-led security company. Working as a seamless,scalable extension of customer security operations, FireEye offers a singleplatform that blends innovative security technologies, nation-state gradethreat intelligence, and world-renowned Mandiant consulting. With thisapproach, FireEye eliminates the complexity and burden of cyber security fororganizations struggling to prepare for, prevent, and respond to cyberattacks. FireEye has over 6,300 customers across 67 countries, includingmore than 40 percent of the Forbes Global 2000.The Role:A successful Red Team consultant at Mandiant should possess a deepunderstanding of both information security and computer science. They shouldunderstand basic concepts such as networking, applications, and operatingsystem functionality and be able to learn advanced concepts such asapplication manipulation, exploit development, and stealthy operations.This is not a "press the 'pwn' button" type of job; this career istechnical and challenging with opportunities to work in some of the mostexciting areas of security consulting on extremely technical and challengingwork. A typical job could be breaking into a segmented secure zone at aFortune 500 bank, reverse engineering an application and encryption methodin order to gain access to sensitive data, all without being detected. Ifyou can exploit at scale while remaining stealthy, identify and exploitmisconfigurations in network infrastructure, parse various types of outputdata, present relevant data in a digestible manner, think well outside thebox, or are astute enough to quickly learn these skills, then you're thetype of consultant we're looking for.At Mandiant, you'll be faced with complex problem solving opportunitiesand hands-on testing opportunities on a daily basis. We help our clientsprotect their most sensitive and valuable data through comprehensive and realworld scenario testing. The objective doesn't end at gaining "domainadmin" or "root"; this is expected and is only a starting point.You are expected to quickly assimilate new information as you will face newclient environments on a weekly or monthly basis. You will be expected tounderstand all the threat vectors to each environment and properly assessthem. You will get to work with some of the best red teamers in theindustry, causing you to develop new skills as you progress through yourcareer. Are you up to the challenge?Responsibilities:Perform network penetration, web and mobile application testing, sourcecode reviews, threat analysis, wireless network assessments, andsocial-engineering assessmentsDevelop comprehensive and accurate reports and presentations for bothtechnical and executive audiencesEffectively communicate findings and strategy to client stakeholders includingtechnical staff, executive leadership, and legal counselRecognize and safely utilize attacker tools, tactics, and proceduresDevelop scripts, tools, or methodologies to enhance Mandiant's redteaming processesAssist with scoping prospective engagements, leading engagements fromkickoff through remediation, and mentoring less experienced staffRequirements:Bachelor's degree in a technical field5+ years' experience in at least three of the following:Network penetration testing and manipulation of network infrastructureMobile and/or web application assessmentsEmail, phone, or physical social-engineering assessmentsShell scripting or automation of simple tasks using Perl, Python, or RubyDeveloping, extending, or modifying exploits, shellcode or exploit toolsDeveloping applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)Reverse engineering malware, data obfuscators, or ciphersSource code review for control flow and security flawsStrong knowledge of tools used for wireless, web application, and networksecurity testingThorough understanding of network protocols, data on the wire, and covertchannelsMastery of U