Senior Technical Intelligence Analyst

Full Time
Los Angeles, CA
Industry: Computer & Network Security
Areas of Interest: All Source Intelligence
If you have a strong background in analysis and are looking to be at the forefront of technical threat intelligence tracking, then we want to hear from you! As a Technical Intelligence Analyst you will be part of a rapidly growing and successful intelligence team focused on today’s emerging cyber security threats. The successful candidate should be an independent, critical thinker skilled in using data to solve analytic problems and adept at satisfying intelligence requirements under tight deadlines.
You will be responsible for research and development as well as using your forensic skill sets to help identify and contain security breaches. We encourage giveback to the community and strongly support sharing of expertise by authoring whitepapers, free tools or speaking at conferences.
  • Locate the vector of infection/breach and help determine the extent of the compromise, the attributes of any malware, and any data possibly exfiltrated
  • Develop, document, and manage containment strategy
  • Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures (TTPs) of attackers; and forensics and incident response
  • Identify and hunt for related TTPs across all internal/external repositories
  • Correlate collected intelligence in order to build upon a larger knowledge base of tracked threat activity
  • 2+ years of experience in an analytical role as a network forensics analyst, threat analyst, or security engineer/consultant
  • 2+ years of experience in investigative or incident response environments
  • One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or equivalent certifications in these areas
  • Expertise in analysis of TCP/IP network communication protocols
  • Experience with Perl, Python, or other scripting language in an incident handling environment
  • Experience conducting analysis of electronic media, packet capture, log data, and network devices in support of intrusion analysis or enterprise level information security operations
  • Experience with advanced computer exploitation methodologies and with two or more analysis tools used in a CSIRT or similar investigative environment, such as EnCase or FTK, Helix, Paraben, etc.
  • Excellent knowledge of security solutions and technologies, including Linux and network architecture/implementation/configuration
  • Experience and knowledge of packet flow and TCP/UDP traffic, firewall technologies, proxy technologies, anti-virus, and spam and spyware solutions (gateway and SaaS)
  • Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats
Additional Qualifications:
  • System administration experience with enterprise email systems, highly desired
  • Malware/security experience and experience with FireEye products, highly desired
  • Excellent communication and presentation skills with the ability to present to a variety of external audiences, including being able to interact with senior executives
  • Exceptional written communication skills
  • Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner
  • Ability to set and manage expectations with senior stakeholders and team members
FireEye is an Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.

Join the team.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.
Company Industry: Computer & Network Security
Company Type: Public Company
Company Size: 1,001-5,000