Mandiant Security Transformation Services helps organizations build an effective security operations program that minimizes organizational risk and reduces the impact of security breaches. Our Consultants offer recommendations grounded in first-hand experience and based on a security model that maps directly to our clients' strategic goals, aligning security programs to support an Adaptive Defense strategy.
The Security Operations Center (SOC) Analyst role will report to SOC Lead and is responsible for detecting and responding to potentially malicious security incidents escalated by Mandiant Managed Defense or other members of the SOC team. The SOC Analyst is a technical position that requires experience conducting and managing primary or low-level incident response efforts, including incident triage, initial remediation, and further escalation of more critical incidents to the SOC Lead. While the SOC Analyst will spend time working from incident playbooks, a large portion of the analyst’s time will be working in security analytics and improving incident response processes, which will include assisting security tools administrators in improving rules and alerts on incident monitoring tools.
- Lead and conduct real-time and historical analysis using security analytics tools and digital forensics platforms.
- Manage intake of incident reports from Mandiant Managed Defense and internal customers through the internal ticketing system, email, phone, and enterprise detection technologies in a timely and accurate manner in order to resolve a multitude of information security related situations.
- Respond to detected security events related to Customer’s environment, from everyday security events to advanced persistent threats (APTs).
- Responsible for correlation and initial triage of security events and indicators generated by the Customer's security monitoring tools.
- Escalate events to SOC Lead and other leadership as required.
- Work as a member of Customer Information Security team to protect critical data, assets and infrastructure.
- Assist the SOC Lead in authoring incident related communications, including incident response reports, incident status updates, and implementation of lessons learned after an incident.
- Provide technical KPI, threat intelligence, and key metric data to SOC Manager to facilitate authoring regular SOC operations and metrics reports.
- Research, analyze and understand log sources for Active Directory, security and network devices such as IDS/IPS, firewalls, web proxies, routers, anti-virus, and operating systems.
- Contribute to and provide input to improving the SOC incident management processes.
- Research and leverage cybersecurity intelligence sources to improve SOC incident detection and response capabilities.
- 2+ years of incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
- In-depth knowledge of security tools such as EDR, SIEM, IDS/IPS, web proxies, DLP, CASB, DNS security, DDoS protection, and firewalls.
- Knowledge of Microsoft Windows systems, including Active Directory, and Unix systems.
- Experience utilizing EDR technologies for security event triage, analysis and incident response.
- Experience analyzing and inspecting log files, network packets, and any other security tool information output from multiple system types.
- Familiar with basic reverse engineering principles and an understanding of malware, rootkits, TCP/UDP packets, SMTP, and HTTP.
- Team-oriented and skilled in working within a collaborative environment.
- Proven problem-solving abilities.
- Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment.
- Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency.
- Good written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Additional Qualifications:
- Must be eligible to work in the US without sponsorship
- Ability to travel up to 30%
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Minimum Salary: 102,900.00.
Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant’s Compensation Committee, and vesting terms.
Benefits: Whether you are just starting your career, reaching a milestone, or gearing up for retirement, we offer plans and programs to keep you happy and healthy at any stage of life. We regularly evaluate our options to make sure they’ve got everything you need. Part of what makes Mandiant great is our diverse team, and we’ve made it our priority to provide benefits that support you on your individual journey at work and at home. Mandiant subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Full Telecommute