Security Analyst -

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone.  Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

The Mandiant FireEye Consulting team is seeking a passionate and highly skilled SOC TI/TII analyst to support a critical customer mission!  The SOC TI/TII analyst is the point individual for floor activity and will frequently interface with the Federal SOC leadership, component security staff, and external Federal leadership. This person shall be knowledgeable handling security events and tracking them from start to closure. The SOC TI/TII analyst shall ensure security events are understood and should have the ability to perform analysis on events to determine their impact on the Customer’s Enterprise. The SOC TI/TII analyst shall be able to competently operate any security tools being used and place and escalate security tickets. 

If you are fanatical about security, will do whatever it takes to keep the bad guys out, enjoy hunting for attackers, thrive on responding to security incidents and interested in designing creative solutions that enhance our clients security posture then we want to hear from you!

Responsibilities:

• Place Tickets, collect artifacts and escalate security issues
• Provide strong leadership and guidance in a Security Operations Center
• Provide recommendations to SOC leadership
• Review, document and establish workflows
• Support process improvement and updates to Standard Operating Procedures to optimize resources
• Brief SOC leadership on cyber security events and other incident related issues
• Provide expert, independent services and leadership in specialized technical areas. Provides expertise on an as-needed basis to all task assignments.
• Provides expert advice and assistance in state-of-the-art software/hardware.
• Coordinates with contractor management and Government personnel to ensure that the problem has been properly defined and that the solution will satisfy the Government’s requirement.

• Active TS/SCI Clearance (or SCI Eligible) 
• Bachelor’s degree (or equivalent work experience). Relative experience may be substituted for a degree.
• Minimum 6 years of cyber security operations experience, 8 years of overall experience. Security certifications can also substitute experience.
• 3+ years of expertise and knowledge of Packet Analysis, SIEM Operation, how exploits work and appear within network traffic, intrusion detection technology, understanding root kits, exploits, and other types of malware.
• Fundamental understanding of network protocols and TCP/IP.
• Awareness and understanding of popular attack tools (e.g.. Zeus, Blackhole, Slowloris, LOIC, Cryptolocker, Pony Loader, etc.)
• Ability to communicate effectively the actual status of an incident, attack, or other cyber issue.
• Awareness of tradecraft used by Nation State APT actors
• Experience with the critical tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations
• Understanding of cyber security operations, event monitoring, and SIEM tools
• Capability to support the following systems:  ArcSight SIEM; Splunk; Novetta Cyber Analytics; FireEye MPS Suite; Snort IDS; Bro IDS; Fidelis XPS; CloudShield Trusted Cyber Solution Orchestrator; Microsoft Advanced Threat Analytics; Counterattack Active Defense
• Familiarity with Unix, Linux, and Windows operating systems and administrative tools
• Understanding of security controls for common platforms and devices, including Windows, Unix, Linux, and network equipment
• Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executive
• Excellent written communication skills
• Ability to support cybercrime investigations to include seizure, analysis, and data recovery
• Ability to determine false positives quickly based on detection and to escalate true positives as appropriate

Additional Qualifications:

• Familiarity with ticketing systems such as Jira is desired
• Prior military experience is desired
• Prior shiftwork experience is desired
• GCIA, GCIH, and similar IR Certifications desired

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role that must be located in Washington DC, Maryland, or Northern Virginia and will require travel to Washington DC.