SOC Incident Analyst

  • Austin, TX
  • Full-time

Company Description

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at https://www.fireeye.com/company.html.

Job Description

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. 

The Security Operations Center (SOC) Incident Analyst role will report to the SOC Lead Analyst and is responsible for detecting and responding to potentially malicious security incidents escalated by FireEye Managed Defense or other members of the SOC team. The SOC Incident Analyst is a technical position that requires experience conducting and managing primary or low-level incident response efforts, including incident triage, initial remediation, and further escalation of more critical incidents to the Lead SOC Analyst and SOC Manager.  While the SOC Incident Analyst will spend time working off of incident playbooks, a large portion of the analyst’s time will be working in security analytics and improving incident response processes, which will include assisting security tools administrators in improving rules and alerts on incident monitoring tools.

Candidates for this position must enjoy working as a member of a highly technical team in a rapidly changing environment, be innovative and creative in detection tactics and techniques, and passion for protecting patient data and corporate assets from diverse threats facing the healthcare industry.

What You Will Do:

  • Conduct real-time analysis using the SIEM, FireEye technologies, and other security analytics tools with a focus on identifying security events and false positives.  Analyze potential security incidents and escalate to SOC Lead Analyst for further triage or analysis. 
  • Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools.
  • Research and leverage cybersecurity intelligence sources to improve SOC incident detection and response capabilities.
  • Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics.
  • Perform triage and response activities related to suspected phishing emails reported to the information security team.
  • Investigate and advise on potential risks and active vulnerabilities identified within the monitored network environment.

Qualifications

Requirements:

  • 2+ years of incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
  • In-depth knowledge of security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, SIEM, DNS security, DDoS protection, and firewalls
  • Knowledge of Microsoft Windows systems including active directory and Unix systems
  • Experience utilizing FireEye technology stack for security event triage and analysis and incident response
  • Experience analyzing and inspection log files, network packets, and any other security tool information output from multiple system types
  • Familiar with basic reverse engineering principles and understand of malware, rootkits, TCP/UDP packets, SMTP, and HTTP
  • Team-oriented and skilled in working within a collaborative environment
  • Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment
  • Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency
  • Experience with technical analysis of email headers, links, and attachments to determine if an email is malicious, and then executing remediation techniques to protect the environment

Additional Qualifications:

  • Healthcare experience preferred
  • One or more of the following certifications are required:  CompTIA Security +; CompTIA Network +; Information systems Security Professional (CISSP); SANS-GIAC certification (Security Essentials/GCIH, GCED, GCIA, GNFA, GPEN, GWAPRT); CISCO (CCNA); EC-Council (CEH, LPT)
  • Team-oriented and skilled in working within a collaborative environment
  • Solid written and communication skills with the ability to present ideas in business-friendly and user-friendly language
  • Proven problem-solving abilities
  • Willingness to acquire in-depth knowledge of network and host security technologies and products (such as endpoint, network, email security) and continuously improve these skills
  • Ability to clearly and concisely document and explain technical details (e.g. experience documenting incidents, technical writing, etc.)
  • Collaborate with peers and multiple teams to identify improvements and identify areas for tuning use cases or signatures to enhance monitoring value
  • Participate in technical meetings and working groups to address issues related to malware, threats, vulnerabilities, and cybersecurity preparedness

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to [email protected]

Videos To Watch

Privacy Policy