Listing Description
Job Description
Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.
Responsibilities
- Conduct on-site application, infrastructure, and system vulnerability and compliance scanning of Sponsor assets
- Improve security posture through identifying potential vulnerabilities, communicating their impact, and managing mitigation responses across impacted stakeholders
- Present vulnerability findings to system stakeholders, penetration testers, control assessors and security analysts and assist throughout the remediation process
- Conduct continuous monitoring and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection
Qualifications
- TS/SCI Poly
- A Bachelor’s Degree from an accredited college and six years of satisfactory full-time experience related to projects and policies required by the position; OR
- Education and/or experience which is equivalent to the above
Preferred Skills
- In-depth knowledge of security assessment lifecycle
- Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter
- Good understanding of the various hacking techniques, the kill chain, and the defensive countermeasures
- Knowledge and understanding of security controls across all security domains such as access management, encryptions, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
- Knowledge of Risk management frameworks and techniques
- Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
- Program and project management skills
- Knowledge of Threat modeling techniques
- Good understanding of IP networking, fundamental software development, cloud platforms (IaaS, PaaS, SaaS) and the current IT trends in the industry
- CISSP certification
- Experience with one or more programming languages and exposure to the software development lifecycle
- Good grasp of NIST, PCI, ISO, and SOC security guidance and documents
Desired:
DoD 8570 Certified
Additional Information
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This position must be located in the Washington DC/Metro area.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided