October 3, 2025

Web App Security Specialist, Red Team, Mandiant

Mid • Hybrid • On-site • Remote

$108,000 - $155,000/yr

Minimum qualifications:

Bachelor's degree in Computer Science, Information Systems, Cybersecurity, a related technical field, or equivalent practical experience.
3 years of experience with penetration testing and red teaming functions, including network, web application, mobile, cloud, social engineering, scripting, or tool development.

Preferred qualifications:

Certifications related to offensive security including OSWE, GWAPT, GMOB, OSCE, OSEP, OSEE, OSCP, or equivalent mobile/web certifications.
Experience in one or more of the following such as network protocols, enterprise application design and architecture, mobile security, project management, “OWASP Top 10”, source code review, and reverse engineering.
Experience working in offensive security consulting.
Experience in software development and understanding of underlying programming languages such as C#, Python, ASP, .NET, ObjectiveC, Go, Java (J2EE) or similar.
Knowledge of tools used for both static and dynamic application testing.
Excellent communication, collaboration, and public speaking skills.

About the job

As a part of the Red Team Consultant role, you will perform application-focused offensive security assessments including web, mobile, and embedded device testing, expand team capabilities through tool creation, threat intelligence integration, and knowledge sharing, develop and deliver accurate reports and presentations for technical and executive stakeholders while acting as a trusted advisor, gain understanding of offensive security, threat actors and best practices and learn from executive mentors about advanced adversarial and evasion techniques to analyze and identify vulnerabilities.

This position is available to sit remotely in any state within the United States.

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

The US base salary range for this full-time position is $108,000-$155,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

Conduct offensive application cyber security engagements of a varied nature.
Address client concerns, issues, or escalations, and drive them to closure to maintain engagement value.
Advise clients on security best practices for remediating discovered issues.
Collaborate with internal teams to expand capabilities and deliver greater value to clients.
Research and learn continuously to expand knowledge and share insights with the team.

Google

Google LLC started as a PhD project by Larry Page and Sergey Brin in 1998 at Stanford University. Google LLC has blossomed into a behemoth of the tech world. With its mission to organize the world's information and make it universally accessible and useful, Google’s search engine is its crown jewel. Online advertising, via AdWords and AdSense, forms the backbone of its financial success. Beyond search, Google has ventured into cloud computing, hardware, and software development. The innovative PageRank algorithm revolutionized search engine technology, and surviving the dot-com bubble burst and going public in 2004 spurred its meteoric growth. Acquiring YouTube stands as a testament to Google’s strategic expansion.