Position Title: Cyber Threat Analyst (TS/SCI Clearance)
Location: Tampa, FL
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber-attacks. FireEye has over 5,600 customers across 67 countries, including more than 40 percent of the Forbes Global 2000.
FireEye Consulting is seeking an experienced, motivated Cyber Threat Analyst (CTA) with analytic capabilities and a proven record of identifying and tracking threats. The CTA identifies trends and anomalous activity, and forecasts threat actor targeting. The Analyst knows what to look for in network traffic or customer systems, including threats against the customer’s industry, company, personnel, systems, and data. The Analyst provides the customer with tactical and strategic intelligence about how threat groups are attacking and why.
The position is located on-site in Tampa, FL. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. The candidate must have knowledge of state-sponsored cyber espionage along with a technical understanding of the tools, techniques and procedures used by these threat actors. The candidate will provide operational support through expert-level analysis of Advanced Persistent Threats (APTs) and Indicators of Compromise (IOCs), gather intelligence, and share this information with other formalized partners.
The CTA is expected to work with minimal guidance against a broad set of research objectives to handle a variety of complex assignments and situations and must demonstrate full knowledge of fundamental concepts across a wide range of intelligence disciplines. Within established priorities and deadlines, she/he will exercise independent judgment in selecting and applying appropriate work methods, procedures, techniques and practices.
We encourage giveback to the community and strongly support sharing of expertise by authoring whitepapers and speaking at conferences.
Utilize network and endpoint defensive tools to identify and analyze potential breaches or threat activity
Assess evolution of the broader threat landscape related to Customer’s AOR and associated risks
Recommend appropriate computer network defense (CND) actions to counter adversary activity
Provide alert-driven threat reports utilizing Customer intelligence sources and FireEye’s knowledge of threat actors’ identities, motives, capabilities, and targets
Prepare predictive analysis describing threat groups that are likely to target Customer, and the types of data theft or network attacks these groups would likely exploit
Develop analytics to illuminate and visualize threat activity
Automate tracking and discovery of threats leveraging internal and external data sources
Recognize and codify attacker tools, tactics, and procedures (TTPs) into indicators of compromise (IOCs) that can be applied to current and future investigations
Create risk analysis reports describing new or evolving risks tied to Customer’s business areas, partners, products, and services
Correlate data collected during hunt or incident response engagements against FireEye’s intelligence repository
Utilize Mandiant, FireEye, or customer technology to conduct investigations and examine endpoint and network-based sources of evidence
Gather raw intelligence from sensors, incident response engagements, and other sources to condense into customer reports
Analyze malware, extracting relevant host and network-based indicators from malware samples
Develop comprehensive and accurate reports and presentations for both technical and executive audiences leveraging multiple intelligence sources
Provide training and mentorship, present to small groups, and speak in public in venues such as conferences
Active TS/SCI Clearance required
Minimum of 2-5 years of comparable experience
Experience identifying, analyzing and interpreting trends or patterns in complex data sets
Experience conducting analysis of electronic media, packet capture, log data, and network devices in support of intrusion analysis or enterprise level information security operations
Experience conducting static and dynamic malware analysis on a variety of platforms (Windows, Linux, Mobile, MacOS)
Experience with programming and scripting languages (e.g., Python, C++, C#)
Strong understanding of communication protocols (HTTP, DNS, TCP/UDP) as well as the various techniques used by malware within an operating system for persistence and data collection
Strong understanding of attacker methodology and methodologies used to hunt for adversarial activity
Ability to deliver technical training, advisory, and mentorship on complex topics in a classroom or operational environment
Bachelor’s degree in a technical field
Fundamental knowledge of current events and international politics
Ability to think critically and properly qualify analytic assessments
Ability to recognize and appropriately handle sensitive data
Ability to interface and establish rapport with internal operations
Ability to work with little direct oversight
Ability to document and explain technical details in a concise, understandable manner
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.