SOC Incident Analysis

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. 

The Security Operations Center (SOC) Incident Analyst role will report to the SOC Lead Analyst and is responsible for detecting and responding to potentially malicious security incidents escalated by FireEye Managed Defense or other members of the SOC team. The SOC Incident Analyst is a technical position that requires experience conducting and managing primary or low-level incident response efforts, including incident triage, initial remediation, and further escalation of more critical incidents to the Lead SOC Analyst and SOC Manager.  While the SOC Incident Analyst will spend time working off of incident playbooks, a large portion of the analyst’s time will be working in security analytics and improving incident response processes, which will include assisting security tools administrators in improving rules and alerts on incident monitoring tools.

Candidates for this position must enjoy working as a member of a highly technical team in a rapidly changing environment, be innovative and creative in detection tactics and techniques, and passion for protecting client data and corporate assets from diverse threats.

What You Will Do:

• Conduct real-time analysis using the SIEM, FireEye technologies, and other security analytics tools with a focus on identifying security events and false positives.  Analyze potential security incidents and escalate to SOC Lead Analyst for further triage or analysis. 
• Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools.
• Research and leverage cybersecurity intelligence sources to improve SOC incident detection and response capabilities.
• Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics.
• Perform triage and response activities related to suspected phishing emails reported to the information security team.
• Investigate and advise on potential risks and active vulnerabilities identified within the monitored network environment.

Minimum Qualifications: 

• 2+ years of incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
• 1+ years experience with security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, SIEM, DNS security, DDoS protection, and firewalls
• 1+ years experience Experience utilizing FireEye technology stack for security event triage and analysis and incident response
• 1+ years experience analyzing and inspection log files, network packets, and any other security tool information output from multiple system types

Preferred Qualifications:

• One or more of the following certifications are recommended:  CompTIA Security +; CompTIA Network +; Information systems Security Professional (CISSP); SANS-GIAC certification (Security Essentials/GCIH, GCED, GCIA, GNFA, GPEN, GWAPRT); CISCO (CCNA); EC-Council (CEH, LPT)
• Knowledge of Microsoft Windows systems including active directory and Unix systems
• Familiar with basic reverse engineering principles and understand of malware, rootkits, TCP/UDP packets, network protocols
• Team-oriented and skilled in working within a collaborative environment
• Solid written and communication skills with the ability to present ideas in business-friendly and user-friendly language
• Proven problem-solving abilities
• Willingness to acquire in-depth knowledge of network and host security technologies and products (such as endpoint, network, email security) and continuously improve these skills
• Ability to clearly and concisely document and explain technical details (e.g. experience documenting incidents, technical writing, etc.)
• Collaborate with peers and multiple teams to identify improvements and identify areas for tuning use cases or signatures to enhance monitoring value
• Participate in technical meetings and working groups to address issues related to malware, threats, vulnerabilities, and cybersecurity preparedness

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role and candidates must be located in the Northeast Region of the United States, including New York, New Jersey, Rhode Island, Massachusetts, New Hampshire and other states within the eastern time zone.