FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 9,000 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
A successful Application Penetration Tester working as a Red Team consultant at FireEye should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionality and be able to learn advanced concepts such as application manipulation, vulnerability discovery and analysis, as well as exploit development.
This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and hardware to breach the security of a target system or reverse engineering an application and encryption method in order to gain access to sensitive data. If you have experience performing penetration test against web applications, mobile applications, thick/thin clients, or embedded devices and can present your findings in a digestible manner while demonstrating strong analytical skills, then you’re the type of consultant we’re looking for.
At FireEye, you’ll be faced with complex problem-solving opportunities and hands-on testing opportunities on a daily basis. We help our clients protect their most sensitive and valuable data through using real-word application penetration testing methodologies and by ensuring our consultants are up-to-date with the latest trends and techniques. Your ability to bring and utilize these skill sets is only the beginning, as it will be expected of you to continue to digest new information from both your peers and the greater security community to further enhance your skillsets and knowledge.
You are expected to quickly assimilate new information with respect to the latest technologies, as you will assess new applications on a weekly or monthly basis. You will be expected to understand all the threat vectors and the attack surface of each application to properly assess them. You will get to work with some of the best red teamers in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?
- Perform web and mobile application testing, source code reviews, thick/thin application testing, and embedded device testing
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to enhance FireEye Mandiant’s application penetration testing processes
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
- 4-7 years' experience in at least two of the following or demonstrating above average ability in one of the following:
- Web Application Assessments
- Mobile Application Assessments
- Thick/Thin Application Assessments
- Embedded Devices Assessments (IOT)
- Source Code Review
- Reverse Engineering
- Additional skill sets or experience should include four or more of the following:
- Participation in web hacking challenges, competitions or bug bounties
- Development of tools or plugins used to conduct testing and analysis
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby
- Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
- Reverse engineering malware, data obfuscators, or ciphers
- Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms
- Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
- Mastery of Unix/Linux/Mac/Windows operating systems, including bash or other programming languages
- Must be eligible to work in the US without sponsorship
- Computer science degree preferred
- Ability to travel up to 30%
- Ability to successfully interface with clients (internal and external)
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance own time among multiple tasks, and lead junior staff when required
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This is a regionally-based role that must be located in Illinois, Indiana, Iowa, Kansas, Louisiana, Michigan, Minnesota, Missouri, Nebraska, Ohio, Texas, or Wisconsin