Senior Threat Analyst (Remote) - Mandiant Boise, ID Bookmark Share Print 173 0 1

Listing Description

Job Description

Mandiant Threat Intelligence’s On-Demand Analyst Support service within the Custom Intelligence, Synthesis, and Reporting (CISR) Team provides Mandiant customers with the ability to have our expert analyst team develop succinct, tailored deliverables answering the customer’s information needs and intelligence requirements. In support of this service, this role involves research, analysis, and writing short and long analytic reports in response to customer requirements. 

Well-suited candidates are cyber threat intelligence analysts capable of responding to a wide range of questions related to cyber espionage, cyber crime, hacktivism, information operations, vulnerabilities, and/or enterprise cyber security questions. They will perform strategic, tactical, and operational research and analysis of adversarial cyber threats to provide timely, actionable, clear, and concise intelligence products to customers. 

What You Will Do: 

• Triage potentially malicious binaries and/or other types of malware, including familiarity with basic to intermediate static/dynamic analysis techniques, such as: 
  • Identify PUP’s/PUA's and/or dual-use hacktools 
  • Identify binary anomalies with basic static analysis tools 
  • Conduct simple script deobfuscation 
  • Interpret reports as generated by automated analysis sandboxes 
  • Highlight host-based and network-based indicators of compromise 
  • Reverse compiled script frameworks into source-code 
  • Identify significant attack-chain related network traffic from network captures
  • Conduct a differences comparison between a known good sample and a sample that has been potentially parasitically infected or trojanized 
  • Conduct a high-fidelity investigation into a potential False Positive identified by a security solution. 
• Pivot through open-source and internal frameworks for related data associated with potentially malicious IOCs, such as IP addresses, URLs, Domains and Hashes 
• Script basic tasks with high-level scripting languages, such as Python, such as: 
  • Interacting with internal APIs 
  • Leveraging open-source and enterprise subscription service APIs 
  • Design tools for internal use and team distribution, and train team members in their use 

Minimum Requirements: 

• 5+ years of experience in the threat intelligence or similar field
• Experience applying basic threat hunting techniques to pivot for given information to known attack patterns, malicious code families, tracked threat groups and other historical information 
• Experience training junior and peer analysts in the techniques listed above 
• Vet potential frameworks and security solutions for efficacy, usability and the ability to add value. 
• Demonstrate the analytical rigor through the drafting of customer-facing technical and threat investigation reports  
• Background in reviewing aggregated logs for suspicious events and identifying anomalous network traffic as represented by Netflow or host traffic captures 
• Able to parse captured memory dumps for significant events 

Desired Qualifications: 

Certifications from accredited institutions such as SANS and/or Offensive Security as desirable, such as: 

• GIAC Reverse Engineer (GREM), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA)  
• Offensive Security Certified Practitioner (OSCP)  
• Certified Information Systems Security Professional (CISSP) 

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Minimum Salary: 102,900.00. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant’s Compensation Committee, and vesting terms.

Benefits: Whether you are just starting your career, reaching a milestone, or gearing up for retirement, we offer plans and programs to keep you happy and healthy at any stage of life. We regularly evaluate our options to make sure they’ve got everything you need. Part of what makes Mandiant great is our diverse team, and we’ve made it our priority to provide benefits that support you on your individual journey at work and at home. Mandiant subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.