Cyber Threat Analyst (TS/SCI)
- Washington, DC
FireEye Mandiant is seeking an experienced, motivated Cyber Threat Analyst (CTA) to support federal and commercial customers. The CTA will work closely with the customer and be responsible for threat intelligence collection and monitoring, analysis, and reporting. The position is located on-site in Washington, DC. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. The candidate will provide operational support and expert-level analysis of Advanced Persistent Threats (APTs) and Indicators of Compromise (IOCs), gather intelligence, and share that intelligence with formal partners.
What You Will Do:
- Gather, extract, and disseminate open source intelligence (OSINT) on threat actors targeting the Customer, the health care industry, government agencies, and the public sector more broadly.
- Provide proactive event monitoring, event management, and configuration of security tools to detect targeted threats and malicious activity, including but not limited to: Splunk, Anomali, CISP, ThreatConnect, and Palantir.
- Provide Subject Matter Expert (SME) level evaluation of threats to an enterprise network, and of new technologies that could be leveraged to protect it, by identifying security gaps through advanced analysis. Produce white papers for the customer that clearly document each threat and how to address it.
- Work with industry partners to gather and share intelligence. Apply intelligence to the Customer network and systems to proactively identify potential cyber threats.
- Review audit logs and identify any unusual or suspect behavior.
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks.
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
- Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams.
- Support the incident response process by providing advanced analysis services when requested, including recommending containment and remediation processes, performing independent analysis of security events, and reporting identified incidents to Incident Handling (IH). Provide security solutions and interpretations of security policies as they relate to specific security infrastructure, architectures, and information systems in the customer environment.
- Coordinate meetings, compile reporting and manage deliverables.
- Ensure IT security policies and controls are adequately addressed by conducting periodic quality control measurements, including but not limited to IT security evaluations, audits, and reviews, to verify that systems under the customer's purview operate in a manner consistent with the Customer's security policies, controls, and standards.
- Evaluate, document and coordinate technical cyber security capabilities of various groups supporting the client, with an emphasis on risk, compliance, controls and logging.
- Assist the team in the implementation and maintenance of various Cyber Operations systems and applications as needed, for example NAC and IDS.
Requirements:
- Top Secret clearance with SCI eligibility and the ability to undergo a polygraph (if requested by the client)
- Bachelor’s degree in an IT-related field or equivalent experience
- Ten or more years (10+) of cyber security experience and eight or more years (8+) of experience in a threat hunting role, including:
- Advanced network forensics experience with application-layer protocols, including HTTP/S, DNS, NTP, SSH, FTP, and SMTP.
- Experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks.
- Experience interacting with C-level executives, Senior Executive Service (SES) members, and members of Congress
- Experience interpreting and implementing cyber security regulations.
- Excellent verbal communication skills.
- Excellent written skills for preparing reports and briefings.
- Excellent analytical and problem solving skills.
- Expert, in-depth knowledge of collecting, analyzing, and escalating security events; responding to computer security incidents; and/or collecting, analyzing, and disseminating cyber threat intelligence
- Certification (or ability to obtain certification) in at least one of the following areas: 1) Certified Counterintelligence Threat Analyst (CCTA), 2) Certified Cyber Intelligence Professional (CCIP), or 3) Certified Cyber Investigations Expert (CCIE).
- At least one Splunk certification
- Expert-level knowledge of the tools and technologies used for enterprise security
- Proven understanding of the components that make up a successful information security program
- Advanced Splunk certifications highly desired
- Excellent written and verbal communication skills
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to [email protected].