- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Full Telecommute
Mandiant is seeking a Detection Engineer to join our Advanced Practices Detection team. With visibility into the latest threats observed by Mandiant, you will be focused on developing specialized detection rules utilizing multiple detection engines for use across the company. You will also collaborate with teams across Mandiant to support company detection efforts.
Candidates should have a creative, curious and energized approach to understanding and detecting threat actor tactics and malware and be comfortable working independently.
We encourage giving back to the security community and strongly support sharing of expertise through blogs, whitepapers, tool releases and conference talks.
About Advanced Practices:
Advanced Practices, part of Mandiant Intelligence, was formed in 2015 to exclusively focus on the most difficult threats facing our clients and our company independent of product or business lines. We work with every other Mandiant team to track, correlate, attribute, detect, and collect on our adversaries using advanced analysis and deep research. Advanced Practices codifies and makes actionable the knowledge from thousands of annual event responses, all available organic telemetry, and other novel sources and methods. As an extension of this work, Advanced Practices acts as key practitioners driving Mandiant’s larger development for technology, process, and thought leadership.
Illumination. Advanced Practices illuminates under-reported or uncorrelated intrusion activity to expose and amplify complex adversary activity. We search for the nearly imperceptible traces of attackers wherever we can find them and seek to surface their activity for action.
Front-line Visibility. Our team of 40+ talented security research and threat analysis professionals bring centuries of experience investigating intrusions, analyzing malware, and dissecting digital artifacts to deliver front-line innovation for Mandiant.
Threat Discovery. Our goal is simple: to know the most about adversaries and make this knowledge actionable. Advanced Practices enables early discovery and analysis of adversary operations and their tradecraft so that our customers are protected.
It’s How that Works. Our team studies the world’s most impactful intrusions from the Mandiant frontlines to understand how apex attackers operate. The focus on technical evidence and how our adversaries operate powers the who our adversaries are and contributes to new how’s to keep the cycle in motion.
Surfacing the Unseen. We look for unique features and common adversary methods across all intrusions and malware so we can develop resilient monitoring, detection, and discovery of attacker activity. We set proactive traps and develop threat signals to capture real-time and historic adversary activity from important, evasive, and emerging threats. Additionally, we examine historical data for new patterns based on recent finds.
- Support detection efforts across the full scope of Mandiant
- Develop detection content in Yara, Snort, Yara-L and EDR rule formats
- Review reports and other technical threat data to identify detection opportunities
- Determine current detection coverage for malware samples, network traffic, and endpoint events
- Peer-review detection rules to enforce quality and process
- Monitor and tune deployed detection rules
- Employ detection rule generation and automation systems
- Work with multiple expert teams simultaneously in stressful environments and timeframes
- 4+ years of detection engineering experience with:
- Snort / Suricata
- EDR rule creation
- 2+ years of experience developing production detection content as part of a security vendor, security service provider, large enterprise, or in another large and diverse environment
- 2+ years of technical experience with:
- Malware analysis
- Packet capture analysis
- Endpoint analysis (Windows, OSX and/or *nix)
- Log analysis
- Ability to identify detection opportunities in intelligence, sandbox and malware reports
- Applied knowledge in at least one scripting or development language (such as Python)
- Detection engineering experience with Yara-L or Sigma
- Experience with detection in cloud environments
- Experience using and building queries for SIEM tools
- Familiarity with JIRA or similar ticketing systems
- Strong problem solving, troubleshooting, and analysis skills
- Experience working in fast-paced environments
- Self-driven, proactive, hardworking, creative, team-player
- Excellent written and verbal communication skills