Back to all jobs

Senior Principal Security Researcher (Remote US)


Sep 27

Company Description

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at

Job Description

The Role:

-        Lay the foundation: research, model, and integrate threat data

-        Build the layers: search telemetry to find new intrusions, malware and tradecraft

-        Work the resolution: notify our clients and affected orgs while closing collection gaps

-        Make Everyone Better: push research findings from the team into blogs and other public formats when applicable


Advanced Practices is finding net-new evil across all Mandiant customers and are looking for tenacious researchers who love the thrill of the hunt to join our team. As a Security Researcher, you will be part of the Advanced Practices team focused on reverse-engineering adversary tradecraft and operationalizing what we learn for the highest echelon of subversive threats.

The best candidate will be driven to discover new intrusion activity and find creative ways to distill the voluminous threat data from our weak signals down to new and interesting findings for our clients. We encourage giving back to the security community and strongly support sharing of expertise.

About Advanced Practices:

Advanced Practices was formed in 2015 to exclusively focus on the most difficult threats facing our clients and our company independent of product or business lines.  We work with every other Mandiant team to track, correlate, attribute, detect, and collect on our adversaries using advanced analysis and deep research.  Advanced Practices codifies and makes actionable the knowledge from thousands of annual event responses, all available organic telemetry, and other novel sources and methods.  As an extension of this work, Advanced Practices acts as key practitioners driving Mandiant’s larger development for technology, process, and thought leadership.

Illumination.  Advanced Practices illuminates under-reported or uncorrelated intrusion activity to expose and amplify complex adversary activity. We search for the nearly imperceptible traces of attackers wherever we can find them and seek to surface their activity for action.

Front-line Visibility. Our team of 40+ talented security research and threat analysis professionals bring centuries of experience investigating intrusions, analyzing malware, and dissecting digital artifacts to deliver front-line innovation for Mandiant/.

Threat Discovery. Our goal is simple: to know the most about adversaries and make this knowledge actionable. Advanced Practices enables early discovery and analysis of adversary operations and their tradecraft so that our customers are protected.

It’s How that Works. Our team studies the world’s most impactful intrusions from the Mandiant frontlines to understand how apex attackers operate. The focus on technical evidence and how our adversaries operate powers the who our adversaries are and contributes to new how’s to keep the cycle in motion.

Surfacing the Unseen. We look for unique features and common adversary methods across all intrusions and malware so we can develop resilient monitoring, detection, and discovery of attacker activity. We set proactive traps and develop threat signals to capture real-time and historic adversary activity from important, evasive, and emerging threats.  Additionally, we examine historical data for new patterns based on recent finds.


  • Hunt for emerging threat activity across all available Mandiant telemetry: discover net-new malware families, intrusion activity, and suspicious events associated with Advanced Practices and notify our customers
  • Analyze technical threat data to extract TTPs, malware techniques and adversary methods with low (or no) detections, and help close those gaps across Mandiant
  • Drive detections and technology through threat expertise and knowledge
  • Provide threat context and integration support to multiple Mandiant service lines
  • Provide threat research and context to global service delivery
  • Perform threat research and analysis during high-severity cyber-attacks impacting Mandiant customers globally
  • Deconflict complicated analytical efforts using organic data
  • Work with multiple expert teams simultaneously in stressful environments and timeframes


Minimum Requirements:

  • 6 + years of experience in an analytical role of either network forensics, threat analyst, or security consultant/engineer
  • 6 + years of experience in Investigative or Incident Response environments
  • 6 + years of experience with direct delivery of technical information to clients or public in reports or presentations
  • Technical experience in at least three of the following areas:
    • Detection engineering with experience in pattern-matching languages (OpenIOC, Yara, Snort/Suricata, or similar signature framework)
    • Windows disk and memory forensics
    • Network Security Monitoring (NSM), network traffic analysis, and log analysis
    • Unix or Linux disk and memory forensics
    • Basic Static and dynamic malware analysis
    • Applied knowledge in at least one scripting or development language (such as Python)
    • Understanding of enterprise security controls in Active Directory / Windows environments
    • Tracking threats in an intelligence function

Desired Qualifications:                                              

  • Proven analytical leadership skills with the ability to prioritize and execute
  • Ability to set and manage expectations with senior stakeholders and team members
  • Strong problem solving, troubleshooting, and analysis skills
  • Experience working in fast-paced development environments
  • Self-driven, proactive, hardworking, creative, team-player
  • Excellent communication and presentation skills with the ability to present to technical and non-technical audiences
  • Exceptional written communication skills

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Minimum Salary: $145,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations. 

Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from FireEye’s Compensation Committee, and vesting terms  

Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, FireEye also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. FireEye also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.  

*Disclosure as required by sb19-085 (8-5-20