Penetration Tester (TS/SCI) Fireeye, Inc.
Arlington, VA

Job Description

FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,000 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

The FireEye Mandiant Consulting team is seeking a Penetration Tester to support a specialized Information Assurance and System Security Engineering program in support of a national security client. The scope of the program includes security assessment and testing, information system security oversight activities, and development of remediation recommendations to protect complex systems from attacks from sophisticated threat actors. The Penetration Tester will be responsible for leading security assessments of new and existing systems, performing research for the development of new security architectures, and testing tactics, techniques, and procedures for the protection of information.

Responsibilities:

* Perform network vulnerability assessments and penetration testing as requested; testing may also include application assessments, threat analysis, wireless network assessments and social engineering
* Develop comprehensive and accurate reports and presentations for both technical and executive audiences
* Effectively communicate findings and strategy to customer stakeholders, including technical staff, executive leadership and legal counsel
* Recognize and safely utilize vulnerability assessment tools as well as attacker tools, tactics and procedures
* Develop scripts, tools or methodologies to enhance the vulnerability assessment and penetration testing processes
* Lead security assessments from kickoff through remediation, mentoring less experienced staff

Requirements:

* Bachelor's degree in a technical discipline, or equivalent experience
* 6+ years of security assessment and/or security engineering experience
* Experience performing and leading advanced assessments related to network device, application, source code, database, middleware and host security
* Hands-on experience with commercial tools commonly used to perform security assessments (e.g., Metasploit, Nessus, Nexpose, Core Impact, WebInspect, Burp, Fortify, Retina, AppDetective)
* Strong knowledge of common attack techniques (e.g., SQL injection, fuzzing, parameter manipulation)
* Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
* Experience building and testing reference architectures
* Expertise consulting with stakeholders to define needs, develop requirements and analyze findings to advise and recommend solutions
* Deep understanding of the technical, operational, policy and legal nuances associated with the relationships between the government and private sector service providers
* Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives
* Excellent written communication skills
* Active Top Secret clearance with SCI eligibility

Additional Qualifications:

* Certified Information Systems Security Professional (CISSP) certification desired
* Specific expertise in security engineering related to the architecture utilized by ISPs and other commercial service providers desired
* Experience with malware analysis and reverse engineering desired

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.