Senior Incident Response Analyst

Full Time
Reston, VA
Industry: Computer & Network Security
Areas of Interest: Incident Response
Come join the FireEye team protecting FireEye! With a unique responsibility as a security team protecting a forward-thinking next generation security company, joining the FireEye Information Security Risk Management (ISRM) team is truly an exciting career opportunity. Led by our Chief Security Officer, the ISRM organization is focused on protecting the company, protecting customers and advancing the industry as we deal with a very dynamic and evolving threat landscape. We have a unique set of challenges and require experienced and creative problem solvers.
We are looking for an experienced and senior-level Incident Response Analyst to join our team in helping to defend FireEye. As a senior member of the Information Security Operations team, the successful candidate will provide technical leadership in security monitoring and incident response. You will be responsible for interpreting, analyzing and correlating complex security events from a distributed and global environment in order to find indicators of compromise. You will also work in close collaboration with internal and external groups to develop new capabilities to improve security situational awareness across the enterprise. This is a hands-on role in a fast-paced team and requires an individual who understands and can effectively respond to cyber attacks.
Responsibilities:
  • Identify security issues and risks associated with security events and manage the incident response process
  • Participate in the incident response and investigation process for identified security events
  • Perform network and system forensics in response to security incidents
  • Optimize and customize security monitoring tools in order to improve detection
  • Hunt for signs of APT activities
  • Work with various business units to conduct vulnerability scanning and respond to vulnerability reports
  • Maintain and update the security operational workflow
  • Respond to incident reports
Qualifications:
  • Bachelor’s degree in computer science, IT or related field
  • 7+ years of experience as a security analyst, engineer or similar
  • In-depth knowledge of security monitoring and incident response
  • Understanding of the tactics, techniques and procedures of advanced attackers
  • Experience using and customizing SIEM products
  • Solid understanding of network protocols and architecture
  • Demonstrated experience performing digital forensics and incident response using tools such as Mandiant Intelligent Response, FireEye Redline, RedSeal, Encase or other enterprise tools
  • Experience with network intrusion detection and analysis tools such as Bro, Sourcefire, Snort and Wireshark
  • Demonstrated experience with log analysis and administering enterprise log aggregation systems such as Splunk, ELSA and Logstash
  • Exposure to advanced malware technologies
  • Experience solving problems with scripting languages such as Perl, Python, PowerShell or Bash
  • Exposure to protecting cloud-based and distributed infrastructures
  • Ability to articulate complex concepts to both technical and non-technical staff, including senior leadership
  • Demonstrated success communicating in writing to both internal and external stakeholders, including vulnerability researchers
  • Experience dealing with public vulnerability disclosure and response
Additional Qualifications:
  • Prior experience working in information security operations or a SOC preferred
  • Certifications such as CISSP and SANS preferred
  • Experience dealing with product vulnerability coordination preferred
FireEye is an Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.

Join the team.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.
Company Industry: Computer & Network Security
Company Type: Public Company
Company Size: 1,001-5000