Cyber Threat Analyst (TS/SCI)

FireEye, Inc.

Offutt AFB, NE
Paid
  • Responsibilities

    Job Description

    FireEye Mandiant Consulting is seeking an experienced, motivated Cyber Threat Analyst (CTA) with analytic capabilities and a proven record of identifying and tracking threats. The CTA identifies trends and anomalous activity, and forecasts threat actor targeting. The Analyst knows what to look for in network traffic or customer systems, including threats against the customer’s industry, company, personnel, systems and data systems. The Analyst provides the customer with tactical and strategic intelligence about how threat groups are attacking and why.  

    The position is located on-site in Omaha, NE. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. The candidate must have knowledge of state-sponsored cyber espionage along with a technical understanding of the tools, techniques and procedures used by these threat actors. The candidate will provide operational support and expert-level analysis regarding Advanced Persistent Threats (APTs) and Indicators of Compromise (IOCs), gather intelligence, and share this information with other formalized partners.

    The CTA is expected to work with minimal guidance against a broad set of research objectives to handle a variety of complex assignments and situations and must demonstrate full knowledge of fundamental concepts across a wide range of intelligence disciplines. Within established priorities and deadlines, she/he will exercise independent judgment in selecting and applying appropriate work methods, procedures, techniques and practices. We encourage giveback to the community and strongly support sharing of expertise by authoring whitepapers and speaking at conferences.

    RESPONSIBILITIES:

    • Utilize network and endpoint defensive tools to identify and analyze potential breaches or threat activity
    • Assess evolution of the broader threat landscape related to Customer’s AOR and associated risks
    • Recommend appropriate computer network defense (CND) actions to counter adversary activity
    • Provide alert-driven threat reports utilizing Customer intelligence sources and FireEye’s knowledge of threat actors’ identities, motives, capabilities, and targets
    • Prepare predictive analysis describing threat groups that are likely to target Customer, and the types of data theft or network attacks these groups would likely exploit
    • Develop analytics to illuminate and visualize threat activity
    • Automate tracking and discovery of threats leveraging internal and external data sources
    • Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations
    • Create risk analysis reports describing new or evolving risks tied to Customer’s business areas, partners, products, and services
    • Correlate data collected during hunt or incident response engagements against intelligence repositories
    • Utilize in-house defensive technologies to conduct investigations and examine endpoint and network-based sources of evidence
    • Gather raw intelligence from sensors, incident response engagements, and other sources to condense into customer reports
    • Triage malware, extracting relevant host and network-based indicators from malware samples
    • Develop comprehensive and accurate reports and presentations for both technical and executive audiences leveraging multiple intelligence sources
    • Provide training and mentorship, present to small groups, and speak in public in venues such as conferences
  • Qualifications

    Qualifications

    • Active TS/SCI Clearance is required
    • Minimum of 5 years of comparable experience
    • Experience identifying, analyzing and interpreting trends or patterns in complex data sets
    • Experience conducting analysis of electronic media, packet capture, log data, and network devices in support of intrusion analysis or enterprise level information security operations
    • Experience with Carbon Black
    • Experience conducting static and dynamic malware analysis to identify indicators for use with cyber defense and hunt operations
    • Experience with scripting languages (e.g., Python, Perl, Bash)
    • Experience creating Snort and Yara signatures in support of cyber defense and hunt operations
    • Strong understanding of communication protocols (HTTP, DNS, TCP/UDP) as well as the various techniques utilized by malware within an operating system for persistence and data collection
    • Strong understanding of attacker methodology and methodologies used to hunt for adversarial activity
    • Ability to deliver technical training, advisory, and mentorship on complex topics in a classroom or operational environment

    ADDITIONAL QUALIFICATIONS:

    • Bachelor’s degree in a technical field
    • Fundamental knowledge of current events and international politics
    • Ability to think critically and properly qualify analytic assessments
    • Ability to recognize and appropriately handle sensitive data
    • Ability to interface and establish rapport with internal operations
    • Ability to work with little direct oversight
    • Ability to document and explain technical details in a concise, understandable manner

    ADDITIONAL INFORMATION:

    All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.