Senior Cloud Penetration Tester at Mandiant, Inc.
Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
A successful Cloud Penetration Tester – Red Team at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as cloud networking, identity and access management, console, applications, functions, and other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. This is not a “press the ‘pwn’ button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could be breaking into a web application hosted in the cloud, accessing sensitive information or compromising the environment, all without being detected. If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in cloud infrastructure, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.
At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real-world scenario testing. The objective doesn’t end at gaining “global admin” or “root”; this is expected and is only the starting point.
You are expected to quickly assimilate new information as you will face new client environments on a recurring basis. You will be expected to understand the applicable threat vectors for each environment and assess them properly. You will get to work with some of the best red teamers in the industry, enabling you to develop new skills as you progress through your career. Are you up to the challenge?
• Perform cloud penetration testing, red teaming, remediation activities, and threat analysis assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance Mandiant’s red teaming processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
• 2-3 years experience in the following:
• Azure, AWS, GCP, and Kubernetes
• Strong knowledge of IAM, VPCs, Storage containers, Databases, Functions, Logging, APIs, etc.
• Cloud penetration testing and manipulation of cloud network infrastructure
• Cloud architecture design
• Development and usage of Terraform, Docker, Ansible, etc.
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits or exploit tools
• Function code review for control flow and security flaws
• Strong knowledge of tools used for cloud and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and PowerShell
• Must be eligible to work in the US without sponsorship
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required
• Incident Response, Incident Remediation, and Security Architecture experience
• Knowledge of cloud-based CI/CD products, such as AWS Code Pipeline, Azure DevOps, and GCP Cloud Build
• Knowledge of tools such as Terraform integrated with cloud-based CI/CD products
• Ability to travel up to 20%
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire. At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Minimum Salary: 135,400.00. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant’s Compensation Committee, and vesting terms.
Benefits: Whether you are just starting your career, reaching a milestone, or gearing up for retirement, we offer plans and programs to keep you happy and healthy at any stage of life. We regularly evaluate our options to make sure they’ve got everything you need. Part of what makes Mandiant great is our diverse team, and we’ve made it our priority to provide benefits that support you on your individual journey at work and at home. Mandiant subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Software Security Test Project Engineer at Rockwell Automation
Job Description
About Us
Do you want to make a difference in the world? At Rockwell Automation you can do just that and more. Rockwell is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential technology to expand what is humanly possible, making the world more productive and sustainable. Rockwell is recognized as one of the World’s Most Ethical Companies in 2020. We place a high value on integrity which fosters an environment where all employees can and want to do their best work. To learn more about how we are bringing The Connected Enterprise to life across industrial enterprises, please visit www.rockwellautomation.com.
Position Description
Rockwell Automation is a world leader in Industrial Automation. We are continuing to expand our portfolio of award-winning software products and services. The Software Security Test Engineer will be responsible for leading the analysis and implementation of penetration and vulnerability testing with Rockwell Automation web and cloud-based software. The candidate will be a member of a small to medium-sized team and will perform in a leadership role. He or she will collaborate with other teams. The candidate will identify and implement new tools and frameworks to enhance penetration and vulnerability test coverage. Additionally, maintaining and enhancing existing penetration tools will be expected.
Essential Functions
• Architects Penetration Testing solutions for Software products – web-based, cloud and traditional desktop.
• Performs complex Penetration Test investigations, reporting on problems encountered and documenting results for follow-up.
• Leads in the development of Security Penetration Test strategies and frameworks.
• Lead the reviews of internal and external penetration test plans.
• Ability to drive change within the Security Test organization.
• Participates in software/product design and implementation reviews.
• Ability to influence the design and architecture of the software to meet the needs of Security Test.
• Provides input into the design and implementation of product and system test set-ups as related to Security Test.
• Leverages own expertise by sharing lessons learned, documenting processes, contributing to team de-briefs, etc.
Basic Qualifications:
• Bachelor of Science in Computer Science, Computer Engineering or related technical discipline
Preferred Qualifications:
• Bachelor of Science in Computer Science or Computer Engineering with a concentration in software; or equivalent knowledge in the areas of security engineering or software engineering (software requirements analysis, software design, software testing, software automation)
• Typically requires a minimum of 8 years’ experience in Security Test Automation, Software Testing, Software Development, Applications Engineering, Technical Support, or other Test Automation roles.
• In depth knowledge of Security Test, Penetration testing, and vulnerability analysis.
• Demonstrated experience with penetration and vulnerability testing of web and cloud software solutions.
• Skilled in the appropriate test tools.
• Certifications such as CISSP, GWAPT and/or GCPN preferred.
• Excellent verbal and written communication skills.
• Experience with Rockwell Automation software or other industrial control software is preferred.
• Experience with Python is preferred.
*This position is part of a job family. Experience will be the determining factor