Lead Cyber Threat Analyst (TS/SCI)

Full Time
Chantilly, VA
Industry: Computer & Network Security
Areas of Interest: All Source Intelligence, Digital Forensics, Exploitation Analysis, Incident Response, Threat Analysis, Vulnerability Assessment and Management
report a problem
Overview
 
 
The Mandiant Consulting team is seeking an expert Cyber Threat Analyst to support a long-term engagement with a government client. This position will serve as the lead of a four-person team responsible for tracking threat actors and performing technical analysis of network and host based log and data sources. The position is integral part of the client’s Security Operations Center (SOC). This position will also support all aspects of implementing a cyber threat program, to include process development and training.
 
Responsibilities:
  • Cyber Threat Analysis
    • Track threat actors and associated TTPs
    • Analyze network traffic (packet capture) and logs
    • Analyze Intrusion Detection Signature (IDS) events
    • Develop detection signatures (IDS, Yara)
    • Perform memory analysis
    • Perform malware analysis
  • Proactive Analytics
    • Analyze malicious campaigns and evaluate effectiveness of security technologies
    • Develop countermeasures in response to threat actor TTPs
    • Develop advanced queries and alerts to detect adversary actions
    • Coordinate with engineering teams to implement developed analytics
  • Strategic Intelligence
    • Provide ad-hoc cyber intelligence briefings and threat summaries
    • Assess and outline implications to client
    • Provide threat based planning in support of strategic improvements
    • Support process improvement of the current cyber threat program and alignment with the strategic
      program
  • Tactical Intelligence
    • Review, document and establish workflows for strategic/tactical intelligence
    • Collect intelligence artifacts for development of internal IOCs
    • Convert intelligence into actionable mitigation and technical control recommendations
    • Apply intelligence towards discovery of suspicious activity and to prevent/detect future incidents
    • Establish interfaces with other internal SOC and Cyber Security teams
  • Intelligence Sharing and Reporting
    • Develop and operationalize threat ratings
    • Integrate (shared) intelligence into operations
    • Support standardization of threat responses
    • Coordinate with third-party intelligence providers
    • Represent client at various government threat exchanges
    • Brief senior SOC leadership to include the CISO on threats and incident related issues
  • Secondary Responsibilities
    • Host-based forensic investigation and analysis
    • Security Problem Management
    • Security Information and Event Management
    • Cyber Incident Management
Requirements:
  • Top Secret clearance with SCI eligibility
  • Bachelor’s degree in an IT-related field or a combination of education and experience
  • 10+ years of experience and proven success in Cyber Threat Intelligence Analysis
  • Excellent knowledge of security solutions and technologies, including: Windows, Linux, and network
    architecture, implementation and configuration
  • Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies
    (Snort rules), proxy technologies, and antivirus, spam and spyware solutions (Gateway and SaaS)
  • Experience working on high visibility, high-impact cyber security teams
  • Experience with malware analysis
  • Experience with advanced computer exploitation methodologies
  • Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
  • Demonstrated ability to make decisions on remediation and counter measures for challenging information security threats
  • Superior interpersonal, communication, presentation and writing skills
  • Expertise in consulting with clients to define needs and issues, developing requirements and analyzing findings to advise and recommend solutions
  • Expertise working directly with executive and senior-level clients
  • Ability to set and manage expectations with senior stakeholders and team members
  • Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner
Additional Qualifications:
  • Certified Information Systems Security Professional (CISSP) certification desired
  • Experience with FireEye products, highly desired
  • Programming / scripting skills desired
 
FireEye is an Equal Opportunity Employer:  All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.  Click here to view the full EEO/AA statement.
 



Share this job:

FireEye

Join the team.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.
Visit FireEye's Social Media pages:
Company Industry: Computer & Network Security
Company Type: Public Company
Company Size: 1,001-5000