Security Engineer, Mandiant, Google Cloud

Minimum qualifications:

• Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience.
  
• 2 years of experience in detection engineering with YARA, Snort/Suricata, EDR rule creation.
  

Preferred qualifications:

• Experience working in ticketing systems.
  
• Detection engineering experience with Yara-L or Sigma.
  
• Understanding of intrusion operations and models such as MITRE ATT&CK, Cyber Killchain, or Mandiant Targeted Attack Lifecycle.
  
• Ability to identify detection opportunities in intelligence, sandbox, and malware reports.
  
• Excellent problem-solving, troubleshooting, analysis, written and verbal communication skills.
  

About the job

Mandiant Intelligence Operations’ mission is to illuminate threats and empower defenders. The Mandiant Detection Engineering Team’s (MDET) purpose is to provide the detection operations capability for Mandiant Intelligence; to enable and scale our detection efforts, oversee rulesets, work on escalations, identify and close detection gaps, and provide ongoing support to detection and hunting efforts.

As a Security Engineer on MDET, you will respond to detection engineering requests based on Google’s global visibility into the latest threats and develop specialized detection content utilizing multiple detection engines for both internal and external use. You will reverse engineer malware to create high-fidelity resilient detections for threats facing our users.

In this role, you will also contribute to the detection operations program responsible for supporting detection efforts of teams across Google; ensuring deployed detection rules perform as expected and work on issues with deployed rules. You will look for opportunities to automate your workflows, scale the impact you have in building detections, and analysis tools for thousands of malware families.

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats.

The US base salary range for this full-time position is $161,000-$239,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

• Support detection efforts across the full scope of Google Threat Intelligence.
• Analyze threats to build detection content in Yara, Snort/Suricata, Yara-L, and EDR rule formats. Review reports and other technical threat data to identify detection opportunities.
• Determine current detection coverage for malware samples, network traffic, and endpoint events. Peer-review detection rules to enforce quality and process.
• Monitor and tune deployed detection rules to mitigate false positives. Build and use detection rule generation and automation systems.
• Work with multiple expert teams simultaneously in stressful environments and timeframes.