Job Description
A successful Mandiant Red Team manager should possess a deep understanding of both information security and computer science and have experience leading a team of highly technical red teamers. They should understand advanced Red Team concepts such as performing covert operations against complex networks while remaining entirely undetected, advanced application manipulation, and basic programming concepts. Mandiant Red Team managers are expected to be as technical as the consultants they manage and will assist on the most difficult engagements. A typical engagement could be breaking into a segmented secure zone at a Fortune 500 bank, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. If you can operate at scale while remaining stealthy, identify and abuse misconfigurations in network infrastructure, and manage a team of highly skilled, technical individuals, then this is the job for you.
Mandiant Red Team managers are the lead project managers for all offensive engagements. This includes scoping prospective engagements, managing team metrics, establishing quarterly goals team growth, conducting performance reviews and 1:1 meetings, scheduling resources for projects, managing multiple projects from kickoff to completion, and delivering executive out-briefs. Managers are vital to the project lifecycle and must be able to deliver successful projects with little to no oversight.
At Mandiant, you’ll be working and managing some of the best experts in the industry and faced with complex problem-solving opportunities daily. We help our clients protect their most sensitive and valuable data through comprehensive and real-world assessments. The objective doesn’t end at gaining “domain admin” or “root”; this is expected and is only a means to an objective.
You are expected to quickly assimilate new information as you will face new client environments on a weekly or monthly basis. You will be expected to understand all the threat vectors to each environment and properly assess them. You will get to work with and manage some of the best red teamers in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?
Responsibilities:
Manage consulting engagements, with a focus on advanced Red Team operations and penetration tests. Provide both subject matter expertise and project management experience to serve as the “point person” for engagements
Assist with scoping prospective engagements, participating in engagements from kickoff through completion, and mentoring less experienced staff
Identify, market, and develop new and pull-through business opportunities
Articulate Mandiant’s capabilities in marketing discussions, proposal efforts, and capability briefings
Supervise staff, provide feedback and coaching, and grow their technical and consulting skills
Improve Mandiant’s business processes and red team methodologies.
Job Requirements:
Minimum five (5) years of experience leading or managing technical teams
5-8 years experience in at least three (3) of the following:
Network penetration testing and manipulation of network infrastructure
Mobile and/or web application assessments
Email, phone, or physical social-engineering assessments
Shell scripting or automation of simple tasks using Perl, Python, or Ruby
Developing, extending, or modifying exploits, shellcode or exploit tools
Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
Reverse engineering malware, data obfuscators, or ciphers
Source code review for control flow and security flaws
Strong knowledge of tools used for wireless, web application, and network security testing
Thorough understanding of network protocols, data on the wire, and covert channels
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
Polished presentation skills, to include capabilities at technical, executive, and board levels
Candidates will have one or more of the following: * CREST Certified Simulated Attack Specialist (CCSAS)
CREST Certified Simulated Attack Manager (CCSAM)
CREST Certified Tester of Infrastructure (CCT INF)
Offensive Security Certified Expert (OSCE)
Offensive Security Evasion Techniques and Breaching Defences (OSEP)
Offensive Security Advanced Windows Exploitation (OSEE)
Penetration Testing and Ethical Hacking/Purple Team SANS courses
Ability to manage multiple projects and manage tight deadlines
Prior training and public speaking engagement experience
Ability to travel up to 20%
Ability to successfully interface with clients (internal and external)
Ability to prepare and review customized contracts for security consulting services
Ability to document and explain technical details in a concise, understandable manner
Ability to manage and balance own time among multiple tasks, and lead junior staff when required
#J-18808-Ljbffr