Threat Hunting Analyst (Remote - USA) - Mandiant, Richmond, VA

Listing Description


Job Description

The Advanced Analysis team operates within Mandiant’s Managed Defense detection and response offering and provides threat hunting, incident response support, and detection engineering to our global customer base. We are looking for highly motivated and technical analysts with experience in incident response, digital forensics, and threat hunting to continually improve our ability to protect organizations against the world’s most advanced threat actors.

As a Threat Hunting Analyst, you will be responsible for identifying intrusions and threat actor activity that evade traditional detection mechanisms and for developing techniques to continually identify and disrupt threat actors. The ideal candidate is someone with a diverse background who enjoys the thrill of the chase, solving puzzles, and navigating without a map.

What You Will Do: 

  • Maintain current knowledge of tools and best practices in digital forensics and incident response  
  • Translate threat actor tools, techniques, and procedures (TTPs) into hunting analytics, centered around the MITRE ATT&CK® framework 
  • Develop and apply analytical techniques to large data sets to perform continuous hunting activities within Managed Defense customer environments for previously unidentified threats 
  • Utilize Mandiant and supported vendor technologies to conduct investigations and examine endpoint and network-based sources of evidence 
  • Produce written reports detailing hunt findings to Managed Defense customers 
  • Evaluate hunting analytic efficacy for tuning and promotion of analytics to alerting status  
  • Develop workflows and automations to reduce attacker dwell time and enhance Managed Defense’s threat hunting processes 

Qualifications

Minimum Requirements: 

  • 1+ years of experience in a hands-on technical role performing host-based forensic analysis, incident response, or other similar functions
  • 1+ years of experience conducting analysis of raw log data, such as firewall or VPN logs, proxy logs, web application logs, or Windows Event Logs
  • 1+ years of experience with an endpoint detection and response (EDR) tool, such as Trellix, CrowdStrike Falcon, Carbon Black, or SentinelOne
  • Experience with at least one programming or scripting language, such as Python, PowerShell, or Bash 
  • Experience with at least one common query language, such as SQL, KQL, GraphQL, or SPL 

Desired Qualifications: 

  • Experience with log management platforms, such as Splunk or Elasticsearch/Logstash/Kibana (ELK) 
  • Experience with cloud infrastructure, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) 
  • Experience writing either host-based or network-based detections (e.g., Yara or Snort) 
  • Familiarity with enterprise IT administration tools and the “living off the land” (LotL) concept 
  • Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals 
  • Experience working on a geographically distributed team 
  • Any of the following certifications: PEN-200/OSCP, GCFA, GREM, GPEN 
  • Knowledge of common offensive security tools, such as: Metasploit, Cobalt Strike, Empire, PowerSploit, or CrackMapExec 
  • Familiarity with the MITRE ATT&CK framework 
  • Experience with all major operating system types (Windows, Linux, and macOS), including their command line interfaces (CLIs) 
  • The ability to document and explain technical details clearly and concisely, with proficiency in written English 

Additional Information

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Minimum Salary: 95,000.00. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant’s Compensation Committee, and vesting terms.

Benefits: Whether you are just starting your career, reaching a milestone, or gearing up for retirement, we offer plans and programs to keep you happy and healthy at any stage of life. We regularly evaluate our options to make sure they’ve got everything you need. Part of what makes Mandiant great is our diverse team, and we’ve made it our priority to provide benefits that support you on your individual journey at work and at home.

Mandiant subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Full Telecommute

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
