Job Description

FireEye is seeking a Vulnerability Intelligence Analyst to join our Vulnerability & Exploitation team in Reston, Virginia. The team is not only responsible for performing deep assessments of software and web application vulnerabilities, tracking exploit code releases and exploitation activities, as well as the creation and maintenance of detailed and actionable reports to be delivered to our global commercial and government customers, but also leverages FireEye’s unique collection of sources to understand which of those vulnerabilities are actively being exploited, and for what type of activity. A successful candidate should have a fundamental understanding of vulnerabilities, what causes them, how an attacker could leverage them to perform malicious activities, and what organizations can do to mitigate them. Additionally, successful candidates should be self-motivated, willing to challenge themselves, and constantly striving for self-improvement. 

RESPONSIBILITIES:

• Monitors public and proprietary sources for vulnerability information
• Performs deep assessment of vulnerabilities
• Researches and writes actionable reports
• Ensures the accuracy and integrity of information throughout reporting
• Responds to internal and external customer inquiries on vulnerabilities and related topics
• Reports changes to the state of existing vulnerabilities to internal team members
• Maintains subject matter expert status in assigned areas

Qualifications

• Basic understanding of different vulnerability types and common weakness enumeration (CWE)
• Familiarity with web application and/or OS-level vulnerability categories and documentation (OWASP, CVE)
• Strong writing skills with ability to communicate clearly and efficiently
• Strong interpersonal skills and ability to collaborate in a team environment
• Understanding of security and networking basics

ADDITIONAL DESIRED QUALIFICATIONS: 

• Able to communicate how an attacker would go about exploiting a vulnerability and what types of activity they could use it for
• Understanding of patch management and software development lifecycle (SDLC)
• Functional ability to write code using Python
• Experience reviewing and/or testing exploit code
• Understanding of the general threat landscape and how vulnerabilities and their exploitation impact it

Additional Information

All your information will be kept confidential according to EEO guidelines.