Detection and Response Engineer (Remote - US) - Mandiant, Salt Lake City, UT

Listing Description


Job Description

The Detection Engineering and Automation (DEA) team operates within Mandiant Managed Defense and has two core duties:

1. Design logic to detect malicious activity by operationalizing threat intelligence

2. Engineer solutions to push the fields of Detection, Hunting and Response forward with the goal of finding threat actors as quickly as possible

As a Detection and Response Engineer, you will be responsible for writing detections for tactics, techniques, and procedures used by advanced threat actors. In addition to crafting detection logic, day-to-day responsibilities may include using your engineering skillset to design, prototype, and build solutions to quickly find threat actors and minimize the impact they have on our customers.

Examples include integrating a new threat intelligence source into alerts to aid analysts in quicker decision making, automating the process of creating detection logic, or building an innovative new analysis tool. You know what malicious activity looks like and are ready to sling some code to solve problems at scale.

How Mandiant Empowers You

  • Access to Detection Engineering tools built by Detection Engineers
  • Collaborate and learn from innovative security researchers across the Mandiant business
  • Time and support to learn the technical skills needed to accomplish our objectives
  • Unfettered access to front-line threat data

Qualities You Bring to Mandiant

  • Ability to identify where friction exists in current processes
  • An empathetic approach to designing software
  • Do it right instead of doing it fast
  • Innovative approaches to improving Detection, Hunting and Response

What You Will Do:

  • Develop logic to detect tactics, techniques, and procedures used by threat actors today
  • Ensure detection logic is operating at the highest efficacy possible
  • Engineer solutions designed to automate detection and response workflows, including but not limited to:
      1. Decision Support
      2. Data Collection
      3. Lead Generation
  • Maintain and build upon existing automations currently supporting Mandiant Managed Defense and its stakeholders
  • Collaborate across the Mandiant business with the Incident Response, Threat Intelligence and Research teams to ensure we are designing the best content
  • Mentor and train detection analysts across the Mandiant organization
  • Write technical documentation

Qualifications

Minimum Requirements:

  • 2+ years in a hands-on technical role of network forensic analyst, host forensics analysis, incident responder, or similar functions
  • 2+ years of experience writing detection logic in formats such as Sigma, Yara, Snort/Suricata
  • 2+ years of proficient coding skills (Python/JavaScript)
  • 2+ years of familiarity with Continuous-Integration/Continuous-Deployment, Test-Driven Development, and REST/GraphQL APIs

Desired Qualifications:

  • Experience with Apache Airflow
  • Experience with ReTool
  • Experience with React
  • Experience working with endpoint telemetry/EDR security products
  • Familiarity with MITRE ATT&CK

 


Additional Information

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire. At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Minimum Salary: $100,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations.

Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from Mandiant's Compensation Committee, and vesting terms  

Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, Mandiant also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. Mandiant also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.  

*Disclosure as required by sb19-085 (8-5-20)  


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Full Telecommute


