Threat Research Analyst
- McLean, VA
FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,500 customers across 67 countries, including more than 50 percent of the Forbes Global 2000.
As a Threat Research Analyst, you will identify and analyze new adversarial tactics, techniques and procedures (TTPs), reproduce them with the Verodin Security Instrumentation Platform, in order to enable customers to empirically measure and improve their defenses against those attacks.
• Open-source research of adversary tactics, techniques and procedures (TTPs)
• Collection and analysis of artifacts including malicious executables, scripts, documents, and packet captures
• Research and reproduction of adversary attack techniques with the Verodin Security Instrumentation Platform
• Understanding of network protocols, including TCP/IP, UDP, and HTTP
• Understanding of PowerShell and other command shell scripting languages
• Ability to review and write regular expressions (regex)
• Ability to analyze packet captures using tools, such as wireshark, tcpdump and Bro/Zeek
• Familiarity with hacking, penetration testing, and vulnerability scanning tools, such as NMAP, Kali Linux, Metasploit, and CORE Impact
• Intermediate to advanced level of experience with Python
• Familiarity with one of the following areas: ICS threats and security, macOS security, and/or advanced malware reverse engineering, sandbox technologies, KVM/QEMU, or Windows Internals
• Historical knowledge of major cyber threat actors and malware families
• Knowledge of security and compliance frameworks, including MITRE ATT&CK, NIST 800-53 and/or PCI
• Ability to author, tune, and understand signatures from multi-vendor security products including Snort, Yara, Palo Alto Networks, Cisco Firepower, FireEye, ELK Stack, and others
• Familiarity with GitHub, VirusTotal, and ANY.RUN
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.