Senior Threat Analyst

Senior Threat Analyst

Vacancy expired!

Job Description

If you have a strong background in analysis and are looking to be at the forefront of technical threat tracking, then we want to hear from you! As a Technical Threat Analyst, you will be part of a rapidly growing and successful Technical Frontline Applied Research and Expertise (FLARE) team focused on operationalizing today’s emerging cyber security threats. The successful candidate should be an independent, critical thinker skilled in using data to solve analytic problems with an ability to integrate threat knowledge into operational support and solution to help drive FireEye – including Managed Defense, Mandiant Intelligence, and Mandiant consulting.

You will be responsible for tracking advanced threats through researching, modeling, developing, and integrating threat data into FireEye’s core platforms. The curation of threat data enables a cohesive intelligence-led approach in our products, detections, services, deliverables, and support. We encourage contributions back to the security community and strongly support sharing of expertise. Our team members are encouraged to author whitepapers, develop free tools, and speak at conferences.

Responsibilities:

• Develop into the company expert on tracking the most advanced groups we encounter
• Provide threat context and integration support to multiple FireEye service lines
• Maintain expert knowledge of advanced persistent threats tools, techniques, and procedures (TTPs) as well as forensics and incident response practices
• Analyze technical data to extract attacker TTPs, identify unique attributes of malware, map attacker infrastructure, and pivot to related threat data
• Identify and hunt for emerging threat activity across all internal/external sources
• Establish standards, taxonomy, and processes for threat modeling and integration
• Provide threat research and context to global service delivery for Mandiant and Managed Defense investigations
• Drive FireEye detections and technology through threat expertise and knowledge
• Perform threat research and analysis during high-severity cyber-attacks impacting FireEye customers globally
• Cross-coordinate threat data and trends between internal teams for rapid inclusion into customer deliverables
• Be the final arbiter for the technical attribution of every key organic FireEye event

Qualifications

• 4+ years of experience in an analytical role of either network forensics, threat analyst, or security consultant/engineer
• 2 + years of experience in Investigative or Incident Response environments
• Technical experience in at least three of the following areas:

  • Windows disk and memory forensics
  • Network Security Monitoring (NSM), network traffic analysis, and log analysis
  • Unix or Linux disk and memory forensics
  • Static and dynamic malware analysis
  • Applied knowledge in at least one scripting or development language (such as Python)
  • Understanding of enterprise security controls in Active Directory / Windows environments
  • Tracking threats in an intelligence function

Additional Qualifications:

• Excellent communication and presentation skills with the ability to present to technical and non-technical audiences
• Exceptional written communication skills
• Strong decisionmaking skills with the ability to prioritize and execute
• Ability to set and manage expectations with senior stake-holders and team members
• Strong problem solving, troubleshooting, and analysis skills
• Experience working in fast-paced development environments
• Excellent inter-personal and teamwork skills
• Self-driven, proactive, hardworking, creative, team-player with a good sense of humor

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to [emailprotected]