Application Penetration Tester – Red Team (Remote Central US) at FireEye
Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
A successful Application Penetration Tester working as a Red Team consultant at Mandiant should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, vulnerability discovery and analysis, as well as exploit development.
This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and hardware to breach the security of a target system or reverse engineering an application and encryption method in order to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications, thick/thin clients, or embedded devices and can present your findings in a digestible manner while demonstrating strong analytical skills, then you’re the type of consultant we’re looking for.
At Mandiant, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through using real-world application penetration testing methodologies and by ensuring our consultants are up-to-date with the latest trends and techniques. Your ability to bring and utilize these skill sets is only the beginning, as it will be expected of you to continue to digest new information from both your peers and the greater security community to further enhance your skillsets and knowledge.
You are expected to quickly assimilate new information with respect to the latest technologies, as you will assess new applications on a weekly or monthly basis. You will be expected to understand all the threat vectors and the attack surface of each application to properly assess them. You will get to work with some of the best red teamers in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?
Perform web and mobile application testing, source code reviews, thick/thin application testing, and embedded device testing
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
Develop scripts, tools, or methodologies to enhance Mandiant’s application penetration testing processes
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
4-7 years’ experience in at least two of the following or demonstrating above average ability in one of the following:
Web Application Assessments
Mobile Application Assessments
Thick/Thin Application Assessments
Embedded Devices Assessments (IOT)
Source Code Review
Additional skill sets or experience should include four or more of the following:
Participation in web hacking challenges, competitions or bug bounties
Development of tools or plugins used to conduct testing and analysis
Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
Shell scripting or automation of simple tasks using Perl, Python, or Ruby
Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
Reverse engineering malware, data obfuscators, or ciphers
Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms
Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis
Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
Mastery of Unix/Linux/Mac/Windows operating systems, including bash or other programming languages
Must be eligible to work in the US without sponsorship
Ability to travel up to 30%
Ability to successfully interface with clients (internal and external)
Ability to document and explain technical details in a concise, understandable manner
Ability to manage and balance own time among multiple tasks, and lead junior staff when required
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire. At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Minimum Salary: 100,900.00. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant’s Compensation Committee, and vesting terms.
Benefits: Whether you are just starting your career, reaching a milestone, or gearing up for retirement, we offer plans and programs to keep you happy and healthy at any stage of life. We regularly evaluate our options to make sure they’ve got everything you need. Part of what makes Mandiant great is our diverse team, and we’ve made it our priority to provide benefits that support you on your individual journey at work and at home. Mandiant subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.
For Remote Application Penetration Tester – Red Team (Remote Central US) roles, visit Remote Application Penetration Tester – Red Team (Remote Central US) Roles
Penetration Test Operator (Remote_ at Motorola Solutions
If you are a current Motorola Solutions employee, please click this link to apply through your Workday account.
Motorola Solutions is there for our customers when everything is on the line. In extreme moments — when a hurricane lands or when a fire breaks out. And in everyday moments — when a package arrives just in time for the holiday or when a child doesn’t miss the school bus home.
We unify voice, data, video and analytics in one integrated ecosystem to enable individuals, businesses and communities to work together in more powerful ways. To help people make better decisions, act confidently and be their best in the moments that matter. Bring your passion, potential and talents to Motorola Solutions and connect with a career that matters.
Motorola Solutions is building talent pipelines to meet future hiring demands. This is a pipeline role, while there may not be an immediate opening, we want to build relationships with prospective candidates. If your background is a match to our requirements, we will follow up with an exploratory conversation.
As a Penetration Test Operator in our Products and Services Red Team, you will have the opportunity to apply your “outsider mindset”, cybersecurity skills, and experiences to mission-critical products and services. You will be positioned as a technical leader in the Red Team and as a subject matter expert in your areas of specialization like Cloud, Web, Mobile/Apps, Embedded/IoT, Hardware. Work with all parts of the company to drive a cybersecurity culture, establish meaningful relationships, and directly influence the way we create secure, market-leading, mission-critical products. This position has less than 10% travel and a remote location may be considered
Your day to day responsibilities will include the following:
• Planning and execution of penetration tests
• Documentation and report writing
• Data, code, and vulnerability analysis
• Tool and Script development
• Collaboration with Development Teams
• Research and Training
• Strong written and verbal communication skills
• Effective collaboration and team integration
• Advanced problem-solving abilities through imaginative and creative thinking
• The ability to deal with ambiguity and adapt to ad hoc tasks
• Be able to self-identify tasks and needs and start work independently
• Maintain an insatiable curiosity and an aggressive outsider mindset
• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications, Federal Risk and Authorization Management Program (FedRAMP)
• Thorough understanding of cybersecurity and penetration testing methodologies like Mitre ATT&CK and Cyber Kill Chain
• Good understanding of Windows/Linux based Operating Systems and networking
• A comprehensive understanding of cloud computing models, technologies, and concepts
• The ability to perform penetration testing activities on Web Applications, Cloud Infrastructure, Mobile Operating Systems and Applications, IoT
Additional Qualified Skills:
• The ability to execute a penetration testing project independently, for the full project lifecycle
• One or more of the following are desired: OSCP, OSCE, GPEN, GWAPT, GMOB, GAWN, GXPN, and/or the ability to pass OSCP within 6 months of hire
In addition, the candidate must possess the following:
• Bachelor’s degree or equivalent work experience and/or Military service
• 1+ years of substantive Engineering, Software Development, and/or Architecture knowledge
• 1+ years of active hands-on experience in performing external and internal penetration tests/ethical hacking as a primary responsibility using industry-standard tools
• US Citizen with the ability to obtain necessary security clearance as required by government contract
Motorola Solutions has implemented a voluntary COVID-19 vaccination policy. We strongly encourage all employees to be fully vaccinated. Any employee who is not vaccinated must wear a mask at all times when at a Motorola Solutions site or otherwise meeting with other Motorola Solutions employees or customers. Employees who have submitted proof of vaccination must follow site-specific or local mask requirements. Additionally, certain local governments or Motorola Solutions’ customers may have vaccine requirements that apply to some of our employees.
Referral Payment Plan
Our U.S. Benefits include:
• Incentive Bonus Plans
• Medical, Dental, Vision benefits effective Day 1
• 401K with Company Match and Day 1 vesting
• 9 Paid Holidays
• Generous Paid Time Off Packages
• Employee Stock Purchase Plan
• Paid Parental & Family Leave
• and more!
Motorola Solutions is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran’s status, or, any other protected characteristic.
For Remote Penetration Test Operator (Remote_ roles, visit Remote Penetration Test Operator (Remote_ Roles
Senior Security Consultant, Penetration Tester at TalentFish LLC
Location: St. Charles
Job Title: Senior Security Consultant, Penetration Tester
Primary Location: Chicago, IL and surrounding areas
Position Type: Direct hire
TalentFish is casting a line for a Senior Security Consultant, Penetration Tester. This is a remote direct hire position covering the Chicago metropolitan area and within the state of Illinois. Local travel will be required.
Our client is a premier global Information Security organization that delivers managed cybersecurity solutions. Come join one of the industry’s Top Rated service providers!
WHAT YOU’LL NEED:
Education and Experience »
• Bachelor’s degree in computer and information science, or IT equivalent
• Requires 5+ years of experience in network security and/or security consulting.
• Requires 3-5+ years of experience solely performing penetration testing.
Knowledge, Skills and Abilities »
Core Qualifications (Required)
• Hands-on experience with security assessment and testing tools, including Nmap and BurpSuite.
• Familiar with red team testing protocols and cybersecurity frameworks like OWASP, OSSTMM, PTES.
• Proven expertise and strong communication skills that are needed to translate technical jargon into business familiar language.
• Knowledgeable with common programming languages including C, C++, C#, Java, SQL, or PHP.
• Network administration skills used to test internal systems such as firewalls and IPS/IDS devices.
• Knowledge with Windows, UNIX, and Linux operating systems.
• Experienced with encryption technologies, ethical hacking, and penetration testing.
• Ability to manage the Internet protocol suite.
• Proven ability to audit an IT environment and provide security and process recommendations.
Preferred Qualifications (Nice to have)
• Security certifications such as OSCP, GWAPT, and GPEN are preferred.
WHAT YOU’LL DO:
• Perform penetration testing to assess and identify security vulnerabilities of networks, applications, and systems. Conducts manual and automated penetration tests including blackbox, graybox, and whitebox.
• Mentor and train team
• Perform and oversee a few concurrent assessments from beginning to end including acknowledgment to client and management; all work as defined by the appropriate methodologies; generation, editing, and reporting of deliverables; and debriefing with clients.
• Update project ticket each time an action is taken on assigned projects.
• Analyze and evaluate findings to identify weaknesses of the environment.
• Utilize a variety of assessment tools, such as Nmap, BurpSuite, Kali Linux; and scripting languages like Bash, Python, Perl or Ruby.
• Document testing results and present suggestions for the development of countermeasures and security improvements.
• Identify vulnerable systems and suggest remediation steps.
• Implement and advise strategies for software and hardware defense.
TalentFish is an employee-owned company pioneering a new realm in talent acquisition. We are redefining IT staffing by evolving AI, video screening and our unique platform. TalentFish focuses on providing the best employee, consultant, and client experience possible.
At TalentFish we are an Equal Opportunity Employer we embrace and encourage diversity!
For Remote Senior Security Consultant, Penetration Tester roles, visit Remote Senior Security Consultant, Penetration Tester Roles