Please Note: This application is intended for students to express their interest in our 2020 Vulnerability Intelligence Internships – this application will be used to fill multiple roles within this team.
FireEye is seeking a Vulnerability Intelligence Analyst to join our Vulnerability & Exploitation team in Reston, Virginia. The team is not only responsible for performing deep assessments of software and web application vulnerabilities, tracking exploit code releases and exploitation activities, as well as the creation and maintenance of detailed and actionable reports to be delivered to our global commercial and government customers, but also leverages FireEye’s unique collection of sources to understand which of those vulnerabilities are actively being exploited, and for what type of activity.
A successful candidate should have a fundamental understanding of vulnerabilities, what causes them, how an attacker could leverage them to perform malicious activities, and what organizations can do to mitigate them. Additionally, successful candidates should be self-motivated, willing to challenge themselves, and constantly striving for self-improvement.
Monitors public and proprietary sources for vulnerability information
Performs deep assessment of vulnerabilities
Researches and writes actionable reports
Ensures the accuracy and integrity of information throughout reporting
Responds to internal and external customer inquiries on vulnerabilities and related topics
Reports changes to the state of existing vulnerabilities to internal team members
Maintains subject matter expert status in assigned areas
Basic understanding of different vulnerability types and common weakness enumeration (CWE)
Familiarity with web application and/or OS-level vulnerability categories and documentation (OWASP, CVE)
Strong writing skills with ability to communicate clearly and efficiently
Strong interpersonal skills and ability to collaborate in a team environment
Understanding of security and networking basics
Additional Desired Qualifications:
Able to communicate how an attacker would go about exploiting a vulnerability and what types of activity they could use it for
Understanding of patch management and software development lifecycle (SDLC)
Functional ability to write code using Python
Experience reviewing and/or testing exploit code
Understanding of the general threat landscape and how vulnerabilities and their exploitation impact it
All your information will be kept confidential according to EEO guidelines.