Countermeasures Engineer

FireEye

Title: Countermeasures Engineer (Top Secret Poly Clearance Required)
Location: Ft. Meade, MD
 
 
FireEye is supporting a critical customer mission to design, build, deliver, and operate a national level network defense capability.   FireEye is seeking a Countermeasures Engineer (CME) to provide support to ongoing breach detection, threat analysis, intelligence integration, and active defense. The CME will be responsible for enhancing the Customer’s active defense capability, enriching boundary defense data with actionable intelligence to inform mitigation and supporting overall hunt and analysis operations. Additionally, the CME may spend time performing security engineering activities during the analysis, design, development, and sustainment phases of the customer program, including interfacing with the customer for these activities. 
 
The successful candidate will have a background in proactive hunt activities, counter measure engineering and active operations, and identification of threats affecting networks and systems. Experience in collecting and analyzing intrusion detection system alerts, firewall logs, network traffic logs, and host system logs to identify malicious intent is essential.  This position is part of a team of SMEs offered autonomy, and therefore the successful candidate must be proactive and forward thinking possessing the ability to identify gaps and continuously advance operations.
 

Responsibilities

  • Provide onsite services to the customer in the event of an alert from a FireEye appliance or another indication of compromise. This could include advising on potential impact, likelihood of data exfiltration, and other scenarios where you must provide assessments with limited information available.
  • Function at a Tier III level to determine the extent of the compromise, attributes of any malware and possible data ex-filtrated based on network and email indicators
  • Develop solutions in an ad-hoc environment when long-term solutions are not feasible. For example, writing Python scripts to accomplish a task while a long-term solution is in-development.
  • Support client mitigation efforts – bring fresh ideas to the table while being mindful of limitations from operating in restricted environments. This includes leveraging threat intelligence to identify correlations in alert data and inform mitigation strategies.
  • Maintain awareness of the current threat environment and possible impact of newly discovered vulnerabilities and exploits. Cultivate current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; and forensics and incident response best practices.
  • Develop custom reports based on data from multiple sources, including FireEye appliances, FireEye threat intelligence, network sensors, and outside intelligence feeds
  • Present technical material in a clear, organized briefing to a mix of technical and non-technical personnel
  • Provide thought leadership beyond current computer network defense technologies and apply innovative, effective solutions in real settings
  • Introduce cyber defense abstractions beyond predictive approaches
  • Provide mentorship and instruction to partners and junior analysts

Requirements

  • Top Secret / SCI with Polygraph required
  • Four or more years’ experience in a hands-on technical role functioning as an incident responder, network forensic analyst, or malware analyst.
  • Familiarity with Snort and Yara signatures
  • Deep knowledge of networking (TCP/IP, design, traffic flow, protocols, sessions), operating systems (Windows / *nix), and web technologies.
  • Experience conducting analysis of packet capture, log data, and network device syslog in support of intrusion analysis or enterprise level information security operations
  • Experience with advanced computer exploitation methodologies and data correlation through the use of System Information and Event Management (SIEM) and cloud tools
  • Demonstrated ability to make decisions on remediation and counter measures design for challenging information security threats
  • Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives
  • Exceptional written communication
  • Experience with FireEye products highly desired
  • Experience with malware analysis and reverse engineering highly desired
  • Ability to work with little direct oversight

Additional Qualifications

  • One or more of the following technical certifications is desired: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), or equivalent certifications in these areas
  • Experience with a scripting language such as Perl, Python, or other scripting language used in an incident handling environment
  • Malware analysis experience such as conducting static analysis against binaries to identify evasion techniques, why mitigations may not be effective, and other behaviors is a plus.
  • Experience using Splunk Query Language (or a similar query language)
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. 

FireEye is an Equal Opportunity Employer:


Connect with FireEye

  • LinkedIn
  • Twitter
  • Facebook
  • Google+
  • YouTube
  • Glassdoor

 Print Version

Our Values

Do It Right

Be Curious

Fixate on Challenges

Put the Customer First

Be Respectful

Execute

Company

News and Events

Technical Support

FireEye Blogs

Threat Map

Contact Us

  • +1 877-347-3393
     

Stay Connected

<!-- Google Code for Remarketing Tag --> <div style="display:inline;"><img height="1" width="1" style="border-style:none;" alt="" src="https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063990389/?value=0&amp;guid=ON&amp;script=0"/></div> <!-- Just Media Code for remarketing tag --> <img height="1" width="1" alt="" style="display:none;" src="//www.bizographics.com/collect/?pid=6572&fmt=gif"/> </div>

Read Full DescriptionHide Full Description
Confirmed an hour ago. Posted 30+ days ago.

Discover Similar Jobs

Suggested Articles

One Step Register
Need an account? Sign Up