Google Cloud, through Mandiant, is recruiting a Senior Red Team Consultant to lead advanced adversary emulation and offensive security engagements for global enterprises and public sector clients. This senior role blends hands-on technical operations with trusted advisory work for executives and engineering leaders. If you thrive on creative tradecraft, clean execution, and crisp reporting, this opening gives you the platform, datasets, and teammates to operate at the highest level of the industry.
Quick summary table
Item |
Details |
|---|---|
Hiring organization |
Google Cloud, Mandiant |
Role title |
Senior Red Team Consultant |
Location |
Virginia, USA, remote eligible |
Travel |
Collaborative and client facing, as scoped per engagement |
Team |
Offensive Security within Mandiant’s consulting practice |
Focus |
Red and purple team operations, adversary emulation, tooling, reporting |
Seniority |
Senior individual contributor with mentoring responsibilities |
Salary range |
USD 132,000 to 194,000 base pay, plus bonus and equity, benefits included |
Contract type |
Full time |
Apply link |
careers.google.com |
About Google Cloud and Mandiant
Mandiant is Google Cloud’s front line for dynamic cyber defense. The group brings decades of breach response, global threat intelligence, and security validation experience to clients that operate in high risk environments. Consulting teams combine real intrusion tradecraft with intelligence on current adversary tactics, techniques, and procedures to produce assessments that mirror real world threats and drive measurable resilience.
Role overview
As Senior Red Team Consultant, you will plan and execute full scope offensive engagements, from initial scoping and rules of engagement through operations, analysis, and executive readouts. You will guide stakeholders through realistic attack scenarios across on premises, cloud, application, identity, and endpoint layers, then convert findings into prioritized action plans that improve detection, response, and preventive controls. The role is both hands on and advisory, with substantial ownership of methodology, tooling, and delivery quality.
Key responsibilities
Lead and execute offensive operations
- Build scenarios and objectives that map to credible adversary goals and constraints.
- Conduct adversary emulation, collaborative purple team exercises, and targeted penetration tests across networks, identity, applications, and cloud platforms.
- Apply stealth and operational security standards that respect client rules, monitoring thresholds, and safety controls.
Advisory and client communication
- Translate technical findings into business risk language for executives and program owners.
- Provide remediation roadmaps with detection engineering tickets, control hardening steps, and validation milestones.
- Maintain engagement hygiene, daily status, and change control.
Tooling, research, and methodology
- Develop or extend offensive tools and automation that improve reliability and signal quality.
- Integrate current threat intelligence into pretexting, payloads, and campaign sequencing.
- Document procedures, decision logs, and evidence to a standard that supports repeatability and audit.
Mentorship and team growth
- Coach consultants on tradecraft, scoping, reporting quality, and stakeholder management.
- Review deliverables for clarity, precision, and actionability.
Required qualifications
- Bachelor’s degree or equivalent practical experience in cybersecurity or a related field, with an offensive security focus.
- Five or more years across several domains such as red teaming, penetration testing, purple teaming, network or cloud security assessments, social engineering, scripting or tooling, reverse engineering, or secure code review.
- Proficiency with Linux or macOS security internals and operator workflows.
- Demonstrated ability to lead engagements end to end, including scoping, operations, measurement, reporting, and remediation support.
Preferred qualifications
- Recognized offensive security certifications such as OSCE, OSEP, OSEE, OSCP, CCSAS, CCT INF, or equivalent SANS credentials.
- Programming experience that supports operator needs, for example Python, C Sharp, C or C Plus Plus, Rust, or Nim.
- Experience in consulting environments that require client advisory skills, proposal support, and constructive collaboration with sales and delivery leaders.
- Strong written and verbal communication that adapts equally well to engineers and executives.
What success looks like
- Engagements scoped to real risk, executed with discipline, and delivered with reports that drive clear action.
- Detections and control improvements verified through measurable validation steps.
- Well trained teammates who raise the floor on tradecraft, evidence handling, and narrative reporting.
- Reusable tools, payloads, and methods that shorten time to value without compromising safety or integrity.
Compensation and benefits
The posted United States base salary range is USD 132,000 to 194,000. Total compensation also includes bonus and equity, plus comprehensive benefits. The final package depends on role level, location, and individual experience. Benefit information and location specific ranges are available during the hiring process through Google Careers.
How to apply
- Prepare a focused resume that highlights recent offensive operations, specific TTPs, tool chains, and measurable outcomes such as new detections or dwell time reduction.
- Include concise engagement summaries with scope, constraints, your role, notable pivots, and business impact.
- Submit through Google Careers and indicate remote eligibility and location preferences.
Pro tip: attach or link to sample red team report sections with sensitive details removed. Demonstrate structure, clarity, evidence, and risk translation rather than raw command logs.
FAQs
Is the role fully remote?
The role is based in Virginia with remote eligibility. Specific location options are discussed during recruiting.
How senior is the position?
It is a senior individual contributor position with leadership in delivery quality and mentoring responsibilities.
What kinds of environments are in scope?
Enterprise networks, identity and access infrastructure, Windows and Linux estates, web and mobile applications, and major cloud platforms as permitted by client scope.
Which programming skills matter most?
Python for operator automation and analysis, plus at least one compiled language such as C Sharp, C or C Plus Plus, Rust, or Nim for payloads and tradecraft development.
What reporting standard is expected?
Evidence backed findings, reproduction steps, defensive relevance, mapping to frameworks such as ATT and CK, prioritized remediation, and validation criteria suitable for detection engineering.
Do I need a specific certification?
Certifications help but are not mandatory. Demonstrated delivery at scale and depth is the strongest signal.
Will I work with intelligence and product teams?
Yes. You will collaborate with intelligence analysts, incident responders, and product teams to align scenarios with current threats and to convert findings into durable control improvements.
For More Information Click Here
