Senior Cloud Penetration Tester at Mandiant, Inc.
Company DescriptionSince 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instillsconfidence in their readiness to defend against and respond to cyber threats.
A successful Cloud Penetration Tester – Red Team at Mandiantshould possess a deep understanding of both information security and computer science. They should understand basic concepts such as cloud networking, identity and access management, console, applications, functions, and other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. This is not a “press the ‘pwn’ button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a web application hosted in the cloud, accessing sensitive information or compromising the environment, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in cloud infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.
At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real-world scenario testing. The objective doesn’t end at gaining “global admin” or “root”; this is expected and is only the starting point.
You are expected to quickly assimilate new information as you will face new client environments on a recurring basis. You will be expected to understand the applicable threat vectors for each environment and assess them properly. You will get to work with some of the best red teamers in the industry, enabling you to develop new skills as you progress through your career. Are you up to the challenge?
• Perform cloud penetration testing, red teaming, remediation activities, and threat analysis assessments
• Developcomprehensiveand accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
• 2-3years experience in the following:
• Azure, AWS, GCP, and Kubernetes
• Strong knowledgeof IAM, VPCs, Storage containers, Databases, Functions, Logging, APIs, etc.
• Cloud penetration testing and manipulation of cloud network infrastructure
• Cloud architecture design
• Development and usage of Terraform, Docker, Ansible, etc.
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits or exploit tools
• Function code review for control flow and security flaws
• Strong knowledge of tools used for cloud and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems, including Bash andPowerShell
• Must be eligible to work in the US without sponsorship
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required
• Incident Response, Incident Remediation, and Security Architecture experience
• Knowledge of cloud-based CI/CD products, such as AWS Code Pipeline, Azure DevOps, and GCP Cloud Build
• Knowledge of tools such as Terraform integrated with cloud-based CI/CD products
• Ability to travel up to 20%
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position is covered under Mandiant’s COVID-19 Vaccination Policy and therefore proof of vaccination against COVID-19 will be required as a condition of hire.
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This is aregionally-basedrole that mustbe located in Illinois, Indiana, Iowa, Kansas, Louisiana, Michigan, Minnesota, Missouri, Nebraska, Ohio, Texas, or Wisconsin
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
For Remote Senior Cloud Penetration Tester roles, visit Remote Senior Cloud Penetration Tester Roles
Vulnerability Analyst at Robert Half
Our non-profit client is looking for a Penetration Tester/Vulnerability Analyst. If you are excited about security and technology and have at least 3 years of experience conducting pen tests and assessments using both automated and manual TTPs and incident reporting and response. We are interested in speaking with you This is an ongoing contract looking to start right away. Pluses are CISSP certifications and scripting experience.
· A familiarity of Network and System architecture analysis. Fundamentals of network routing & switching and assessing network device configurations
· Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
· Strong familiarity with OWASP top 10, PTES and NSA Vulnerability and Penetration Testing Standards.
· OSCP, GPEN, GWAPT, or other Penetration Testing certifications
· CISSP, CEH
· Understanding and prioritization of using a tool (not selected yet) for reports and addressing issues with vendor
· Performs Vulnerability Assessments and Penetration testing, including Web Application Assessments and Social Engineering.
· Briefs executive summary and findings to stakeholders to include Sr. Leadership
· Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
· Assesses the current state of the customer””s network security by identifying all vulnerabilities and security measures.
· Helps customer perform analysis and mitigation of security vulnerabilities.
· Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
Provided incident reporting and response capability
• Able to conduct PenTests and Vulnerability Assessments using Automated and Manual TTPs.
• Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
• Strong familiarity with OWASP
• Must be able to use the following and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
• Strong familiarity with OWASP top 10, PTES and NSA Vulnerability andPenetrationTestingStandards.
• OSCP, GPEN, GWAPT, or otherPenetrationTestingcertifications
• CISSP, CEH
Technology Doesn””t Change the World, People Do.®
Robert Half is the world””s first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.
Robert Half puts you in the best position to succeed by advocating on your behalf and promoting you to employers. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity – even on the go. Download the Robert Half app and get 1-tap apply, instant notifications for AI-matched jobs, and more.
Questions? Call your local office at Robert Half will consider qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. All applicants applying for U.S. job openings must be authorized to work in the United States. Benefits are available to temporary professionals. Visit [click apply for more job details];/a> for more information.
For Remote Vulnerability Analyst roles, visit Remote Vulnerability Analyst Roles
Vulnerability Analyst at HireRocket
Our non-profit client is looking for a Penetration Tester/Vulnerability Analyst.
If you are excited about security and technology and have at least 3 years of experience conducting pen tests and assessments using both automated and manual TTPs and incident reporting and response.
We are interested in speaking with you! This is an ongoing contract looking to start right away.
Pluses are CISSP certifications and scripting experience.
A familiarity of Network and System architecture analysis.
Fundamentals of network routing & switching and assessing network device configurations Scripting (Windows/ nix), Bash, Python, Perl or Ruby, Systems Programming Strong familiarity with OWASP top 10, PTES and NSA Vulnerability and Penetration Testing Standards.
OSCP, GPEN, GWAPT, or other Penetration Testing certifications CISSP, CEH Understanding and prioritization of using a tool (not selected yet) for reports and addressing issues with vendorKey
Performs Vulnerability Assessments and Penetration testing, including Web Application Assessments and Social Engineering.
Briefs executive summary and findings to stakeholders to include Sr.
Leadership Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
Assesses the current state of the customer’s network security by identifying all vulnerabilities and security measures.
Helps customer perform analysis and mitigation of security vulnerabilities.
Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
Provided incident reporting and response capability.
Estimated Salary: $20 to $28 per hour based on qualifications.
For Remote Vulnerability Analyst roles, visit Remote Vulnerability Analyst Roles
Senior Security Engineer – Red Team at CME Group
Description This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation’s critical infrastructure. The Sr Cyber Security Engineer – Red Team will be an essential member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red and purple team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data. Position Responsibilities Lead purple team exercises using automated tools, threat intelligence, and the MITRE ATT&CK Framework Participate in red team exercises that are intelligence driven to test cyber detections and response Build and maintain red team infrastructure automating functions where possible Continually research new offensive security tactics, techniques, and procedures Develop custom tools and tradecraft to automate tasks and increase the capabilities of the team Conduct ad-hoc penetration testing by using industry standard tools Participate in advanced social engineering campaigns to raise employee awareness Contribute to report creation using an appropriate rating to classify severity and prioritize remediation Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning Position Requirements A minimum of 5 years’ experience with industry standard red teaming tools (Cobalt Strike, Metasploit, Burp Suite, Nmap, Covenant, etc.) Understanding of purple team concepts and tools Expert knowledge of measuring and rating vulnerabilities based on principal characteristics of a vulnerability Expert knowledge in Windows and Linux system hardening concepts and techniques Expert knowledge of modern evasion and bypass techniques Expert knowledge creating custom payloads for red team exercises Experience with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.) Experience with at least one cloud environment (AWS, GCP, Azure) Recognized industry certifications (GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT etc.) Hands-on experience with cyber security assessment reporting Knowledgeable in Industry Security standards (ie:
ISO27002, NIST Cyber Security Framework, etc.) Operating knowledge of ITIL (ITIL Certification a plus) #LI-Hybrid #LI-JW1 CME Group:
Where Futures Are Made CME Group is the world’s leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we’re small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more. This position requires that you be fully vaccinated against COVID-19 by the date of hire. Proof of vaccination will be required as a condition of employment. CME Group complies with federal, state and local laws with respect to providing accommodations for individuals who are unable to receive the vaccine due to a medical condition or religious belief.
$80K — $100K
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
For Remote Senior Security Engineer – Red Team roles, visit Remote Senior Security Engineer – Red Team Roles
Attack and Penetration Application Security Senior Consultant at Protiviti
JOB DESCRIPTIONAre You Ready to Live Protiviti?The Protiviti Career provides opportunity to learn, inspire, and advance within a collaborative and diverse culture. We hire curious individuals for whom learning is a passion. Together, we focus on our mission of delivering confidence in a dynamic world – and the world has perhaps never been more dynamic.At every level, we champion leaders who live our values of integrity, inclusion, innovation and commitment to success. Imagining our work as a journey, we believe integrity guides our way, inclusion moves us forward together, and innovation creates new destinations.Living our values every day. That’s Living Protiviti. Are you inspired to make a difference? You’ve come to the right place.Where We Need You:We are seeking Application Security specialists to join our growing team.What You Can Expect:The Senior Consultantholdsa critical roleon our team. Senior Consultants lead their teamof security professionals on engagements attackingour client’sapplicationsand their platforms. Seniors serve as coaches, trainers, and mentors, helping our junior staff develop technical and professional capabilities.Your targets:Web applicationsMulti-tenant SaaS platformsComplex application environments with multi-cloud high-availability deploymentsMobile applications and their back-endYour clients:Banks and Financial firmsCloud and Technology providersGaming companiesManufacturing Healthcare Your team: Career ethical hackers and like-minded security professionalsSeasoned software developers The best and brightest consultants and internsSeniors are our subject-matter experts who use their creativity and problem-solving skills to uncover novel attacks to bypass client defenses to demonstrate impactful risk scenarios.Seniors use their application security expertise to help our clients enhance their development shops, helping them automate the mundane and focus their efforts on implementing meaningful security programs.The Senior Consultant is constantly learning, researching new technologies and vulnerabilities, and sharing this knowledge with the team. At the direction of managers, the Senior Consultant may be responsiblefor decision-making, ranging from engagement staffing and crafting unique deliverables, to the development and refinement ofour attack and penetration testing methodologies. What Will Help You Be Successful:It’s your hobby, yet it’s your job. It’s ajobby. You contribute to the infosec community via researchYour career goals include presenting at all three-hacker summer-camp cons.You are excited by the opportunity to work on bleeding edge technologies and help uncover vulnerabilities and security defects.You seek opportunities to interact with and mentor colleagues, including participating in the creation and rollout of training and developing skill sets. You really enjoy helping other people learn.You have an inherent interest in project management and team leadership. Do Your Talents Include the Following? Manual web application penetration testingMobile application penetration testing on iOS and AndroidAPI penetration testingSoftware development / Application architectureApplication threat modelingExperience in building security into the SDLC, DevOps, and secure coding practicesExperience in application threat modeling and application architectureAbility to work with a diverse portfolio of clients across industriesAbility to network and build relationshipsProject management and consistent communicationYour Educational and Professional Qualifications:Bachelor’s degree in a relevant discipline (e.g. MIS, CIS) or relevant experienceDemonstrable software development (academic or professional) highly preferredCertifications such as CISSP, GSEC, GIAC, OSCP, CPT are preferred
For Remote Attack and Penetration Application Security Senior Consultant roles, visit Remote Attack and Penetration Application Security Senior Consultant Roles