FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at https://www.fireeye.com/company.html.
FireEye Mandiant Security Consulting Services ensures the long-term success of our clients by providing talented, passionate, and specialized security expertise. Our Consultants partner with FireEye clients to evaluate, create, develop, improve, and mature information security operations and programs. By utilizing the latest industry standards and combining experience and knowledge gained from Mandiant Incident Response, Intelligence and Managed Defense practices, we are able to develop defense-forward information security programs for our clients.
As an Information Security Consultant, you will be responsible for helping our clients assess, design, operate and build effective security programs. As an established trusted advisor, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in security governance, security risk management, security operations, security architecture, and/or cyber incident response programs. This is a region-specific role that must be based out of the central region of the U.S.
What You Will Do:
- Manage, maintain and operate the client’s Threat and Vulnerability Management (TVM) platform
- Assess the overall TVM program, recommend improvements, and optimize TVM scanning strategies
- Maintain an accurate and up-to-date asset inventory list
- Perform analysis of scan results, assign risk ratings for vulnerabilities and help prioritize remediation efforts
- Work with key stakeholders on remediation plans, provide guidance and follow through to remediation closure
- Help establish and operationalize Key Performance Indicators, reporting and metrics to track maturity of TVM program
- Engineer, document and maintain TVM processes
- Act as a trusted advisor for the client regarding ongoing security visibility, incident handling, and incident response efforts. Help client identify gaps and continuously improve security posture
- Lead clients through detection events and ensure effective incident response and remediation
- Coordinate and manage investigative and remediation efforts across client business units during response activities and any post-mortem analysis
- Serve as a Subject Matter Expert (SME) to client on alert investigation, playbook documentation, cyber kill chain and MITRE ATT&CK framework
- Draft and implement playbooks for alert investigation and incident response
- Conduct real-time analysis using the SIEM, FireEye technologies, and other security analytics tools with a focus on identifying security events and false positives.
- Support correlation and initial triage of security events and indicators generated by security monitoring tools.
- 2+ years of experience with threat and vulnerability management tools, such as Qualys, Tenable, Rapid 7, or other similar technologies
- Minimum of five years in threat and vulnerability management, security risk management, incident response, security operations, or other information security experience
- Strong understanding of different vulnerability types and common weakness enumeration (CWE). Familiarity with web application and/or OS-level vulnerability categories and documentation (OWASP, CVE)
- Strong communication skills with ability to communicate efficiently with technical and non-technical audiences
- Ability to assess risk and applicability of new vulnerability notifications
- Familiarity with security risk management approaches or frameworks (FAIR, NIST 800-53, etc.)
- Familiarity with hardening guidelines such as DISA STIGs or CIS benchmarks
- Basic understanding of network protocols, network devices, computer security devices, secure architecture and system administration in support of computer forensics and network security operations
- Strong knowledge of enterprise detection technologies and processes including Advanced Threat Detection tools, IDS/IPS, Network Packet Analysis, and Endpoint Protection
- Fundamental understanding of operating systems, including Windows, Linux, and OSX
- Proficiency in collecting, analyzing, and escalating security events; responding to computer security incidents, and/or collecting, analyzing, and disseminating cyber threat intelligence
- Basic understanding of the components that comprise a successful information security program
- Experience with scripting languages, such as Python
- Must be eligible to work in the U.S. without sponsorship
- Ability to successfully interface with clients and manage expectations
- Ability to document and explain technical details in a clear and concise manner
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This is a regionally-based role and candidates must be located in the Central Region of the United States, including Texas, Illinois, Wisconsin, Minnesota and other states within the central time zone.