Senior Threat Hunter (Top Secret) - Mandiant
Washington, DC

Listing Description


Job Description

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.  Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

The Threat Hunter will provide day-to-day proactive hunt services for federal and commercial clients. The focus will be on host-based investigations and network forensics, using strong problem-solving skills, and on communicating effectively with people at various levels to help leadership make timely and well-thought-out decisions. This role will work cross-functionally with peers on other teams such as intelligence, SOC analysts, the IR team, and engineering. This role is considered a subject matter expert for hunting via host-based and network-based analysis as well as performing forensics.

What You Will Do:

  • Perform security assessments providing comprehensive identification of vulnerabilities and support to clients facilitating activities within the incident response process
  • Provide guidance on building and/or maturing information security programs, detecting and responding to computer security incidents, and implementation of tools and technologies used for enterprise security
  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects
  • Implement and/or assess existing security controls
  • Provide expert level knowledge of tools and technologies used for enterprise security
  • Interface with clients to address concerns, issues or escalations; track and drive to closure any issues that impact the service and its value to clients
  • Ensure all endpoint and hunt technology are maintained
  • Maintain a standalone malware analysis network
  • Troubleshoot endpoint monitoring tools to ensure connectivity and containment functionality is maintained
  • Maintain hunt tools and databases

Qualifications
  • Top Secret clearance with SCI eligibility and the ability to undergo polygraph (if client requested)
  • Bachelor’s degree in an IT-related field or equivalent experience
  • Ten (10+) years of cyber security experience; eight (8+) years of experience in a threat hunting role, including:
  • Provide expert in-depth knowledge in collecting, analyzing, and escalating security events; responding to computer security incidents, and/or collecting, analyzing, and disseminating cyber threat intelligence
  • Interaction with C-level, SES, and Congressional members
  • Quickly master, simplify, and communicate the value proposition of complex subjects to clients
  • Evaluate customer needs, coordinate design for a solution, and clearly communicate solutions
  • Advanced experience with the critical tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations.
  • Thorough understanding of cyber security operations, event monitoring, and SIEM tools (e.g., Splunk)
  • Familiar with investigating network devices (e.g., proxies, SSL break-and-inspect, firewalls, VPN concentrators)
  • Familiar with virtualization investigations (e.g., VMware, Citrix)
  • Familiar with cloud investigations (e.g., Azure, O365, Amazon)
  • Familiar with Unix and Windows operating systems and administrative tools

Additional Qualifications:

  • Provide expert level knowledge of tools and technologies used for enterprise security
  • Proven ability and understanding of the components that comprise a successful information security program
  • Splunk certifications highly desired
  • Excellent written and verbal communication skills

Additional Information

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire. At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

