Senior Threat Analyst

at

Mandiant

Denver, CO
Full Time
3y ago

Company Description

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at https://www.fireeye.com/company.html.

Job Description

The Role:

Advanced Practices’ mission is to know more about adversaries than anyone else and to make the knowledge actionable for Mandiant. Our threat analysts work at the intersection of incident response, security operations, detection engineering, and cyber threat intelligence.

You are an independent critical thinker skilled in using data and information derived from multiple disciplines to solve analytical problems. Your past experience qualifies you as an intrusion decisionmaker capable of guiding multiple teams’ efforts in a unified event.

You will track all impactful adversaries by collecting, modeling, and analyzing data originating from thousands of investigations conducted by Mandiant, third party telemetry, as well as novel sources and methods.

You are encouraged to contribute back to the security community by sharing your expertise through whitepapers, tool releases, and conference talks.

About Advanced Practices:

Advanced Practices was formed in 2015 to exclusively focus on the most difficult threats facing our clients and our company independent of product or business lines.  We work with every other Mandiant team to track, correlate, attribute, detect, and collect on our adversaries using advanced analysis and deep research.  Advanced Practices codifies and makes actionable the knowledge from thousands of annual event responses, all available organic telemetry, and other novel sources and methods.  As an extension of this work, Advanced Practices acts as key practitioners driving Mandiant’s larger development for technology, process, and thought leadership.

Illumination.  Advanced Practices illuminates under-reported or uncorrelated intrusion activity to expose and amplify complex adversary activity. We search for the nearly imperceptible traces of attackers wherever we can find them and seek to surface their activity for action.

Front-line Visibility. Our team of 40+ talented security research and threat analysis professionals bring centuries of experience investigating intrusions, analyzing malware, and dissecting digital artifacts to deliver front-line innovation for Mandiant/.

Threat Discovery. Our goal is simple: to know the most about adversaries and make this knowledge actionable. Advanced Practices enables early discovery and analysis of adversary operations and their tradecraft so that our customers are protected.

It’s How that Works. Our team studies the world’s most impactful intrusions from the Mandiant frontlines to understand how apex attackers operate. The focus on technical evidence and how our adversaries operate powers the who our adversaries are and contributes to more how’s to keep the cycle in motion.

Surfacing the Unseen. We look for unique features and common adversary methods across all intrusions and malware so we can develop resilient monitoring, detection, and discovery of attacker activity. We set proactive traps and develop threat signals to capture real-time and historic adversary activity from important, evasive, and emerging threats.  Additionally, we examine historical data for new patterns based on recent finds.

Responsibilities:

  • Be the expert in tracking and assessing impactful adversaries
  • Analyze technical data to extrapolate adversary methodologies and identifiable characteristics
  • Fully exploit all available leads identified through investigations to provide a comprehensive understanding of the adversary’s activity in a holistic sense while combining different datasets for maximum exposure
  • Assess, cluster, & attribute seemingly disparate activity into related intrusions & campaigns
  • Communicate analytical findings through curating/modeling data and providing customer-facing attribution work
  • Deconflict complicated analytical efforts using organic data
  • Work with multiple expert teams simultaneously in stressful environments and timeframes

Qualifications

Minimum Requirements:

  • 2 + years of experience in an analytical role of either network forensics, threat analyst, or security consultant/engineer
  • 2 + years of experience in Investigative or Incident Response environments
  • 2 + years of experience with direct delivery of technical information to clients or public in reports or presentations
  • Familiar with at least five of the following areas (and a willingness to learn the rest):
    • Graph theory
    • Encoding and decoding
    • Windows desk and memory forensics
    • Static and dynamic binary analysis
    • Network flow and traffic analysis
    • Email analysis
    • Log analysis
    • Security Operations processes
    • Incident Response processes
    • Enterprise security controls
    • Intrusion operations
    • Commercial threat intelligence data sources (internet scan data, passive DNS, domain registrant information, malware repositories)

Additional Qualifications:                                        

  • Proven analytical leadership skills with the ability to prioritize and execute
  • Ability to set and manage expectations with senior stakeholders and team members
  • Strong problem solving, troubleshooting, and analysis skills
  • Experience working in fast-paced development environments
  • Self-driven, proactive, hardworking, creative, team-player
  • Excellent communication and presentation skills with the ability to present to technical and non-technical audiences
  • Exceptional written communication skills

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Minimum Salary: $100,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. 

Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from FireEye’s Compensation Committee, and vesting terms  

Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, FireEye also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. FireEye also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.  

*Disclosure as required by sb19-085 (8-5-20

Apply for this job

Click on apply will take you to the actual job site or will open email app.

Click above box to copy link
Copied
Get exclusive remote work stories and fresh remote jobs, weekly 👇
View all remote jobs
Onkar By: Onkar