Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.
The Senior SOC Analyst (Incident Response) is responsible for supporting the response management processes in the event of High Severity Incidents. The Senior SOC Analyst also acts as a point of escalation for SOC Analysts and provides mentorship.
- Serve as the lead responder for incidents that require investigative response and remediation.
- Assist in developing the incident response strategy and then creating and assigning response actions to Event Triage Analysts as needed.
- Determine initial incident stakeholders and initiate the incident notification process.
- Lead initial incident notification call (optional based on incident type) and subsequent incident update conference calls.
- Provide information to key stakeholders as determined by the escalation matrix.
- Develop strategic decisions for Sponsor CERT regarding incidents.
- Approve the initial incident notification and subsequent incident updates.
- Ensure all actions identified during the incident response process are documented.
- Conduct verbal incident handoff to the other region’s designated Incident Handler at the end of the business day.
- Determine when incident is officially resolved and closed.
- Conduct lessons learned meeting and develop the official Incident Report.
- Assist in training Triage Analysts on new processes/tools.
- Serve as an escalation point for TIER 1 Analysts for complex/unusual alerts/cases/requests/incidents.
- Identify new Playbooks that need to be developed based on incident reviews.
- Act as subject matter expert regarding incident response activities.
- Identify and communicate gaps in being able to effectively respond to incidents.
- Develop detection logic to assist in detecting malicious activity.
- Lead significant SOC projects, focused on enhancements to detection and incident response capabilities and other improvements to core SOC workflow / process / documentation.
- SECRET/TOP SECRET Clearance
- A Bachelor’s Degree from an accredited college and six years of satisfactory full-time experience related to projects and policies required by the position; OR
- Education and/or experience which is equivalent to the above
- DoD 8570 Certification
- 1-3 years of experience detecting and responding to cyber intrusions.
- Security+, CEH, CASP or similar Cyber Security or Incident Response Certifications
- Strong communication skills, both written and oral.
- Thorough knowledge of operating systems, networking, and host analysis.
- Detailed understanding of attacker tactics, tools, and techniques.
- Strong analytical and investigative mindset
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This position must be located in the Washington DC/Metro area.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Full Telecommute