Security Engineer, Mandiant, Google Cloud
Virginia, USA
Minimum qualifications:
- Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience.
- 2 years of experience in detection engineering with YARA, Snort/Suricata, EDR rule creation.
Preferred qualifications:
- Experience working in ticketing systems.
- Detection engineering experience with Yara-L or Sigma.
- Understanding of intrusion operations and models such as MITRE ATT&CK, Cyber Killchain, or Mandiant Targeted Attack Lifecycle.
- Ability to identify detection opportunities in intelligence, sandbox, and malware reports.
- Excellent problem-solving, troubleshooting, analysis, written and verbal communication skills.
About the job
Mandiant Intelligence Operations’ mission is to illuminate threats and empower defenders. The Mandiant Detection Engineering Team’s (MDET) purpose is to provide the detection operations capability for Mandiant Intelligence; to enable and scale our detection efforts, oversee rulesets, work on escalations, identify and close detection gaps, and provide ongoing support to detection and hunting efforts.
As a Security Engineer on MDET, you will respond to detection engineering requests based on Google’s global visibility into the latest threats and develop specialized detection content utilizing multiple detection engines for both internal and external use. You will reverse engineer malware to create high-fidelity resilient detections for threats facing our users.
In this role, you will also contribute to the detection operations program responsible for supporting detection efforts of teams across Google; ensuring deployed detection rules perform as expected and work on issues with deployed rules. You will look for opportunities to automate your workflows, scale the impact you have in building detections, and analysis tools for thousands of malware families.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats.
The US base salary range for this full-time position is $161,000-$239,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.
Responsibilities
- Support detection efforts across the full scope of Google Threat Intelligence.
- Analyze threats to build detection content in Yara, Snort/Suricata, Yara-L, and EDR rule formats. Review reports and other technical threat data to identify detection opportunities.
- Determine current detection coverage for malware samples, network traffic, and endpoint events. Peer-review detection rules to enforce quality and process.
- Monitor and tune deployed detection rules to mitigate false positives. Build and use detection rule generation and automation systems.
- Work with multiple expert teams simultaneously in stressful environments and timeframes.
Tags: Automation Cloud Computer Science Cyber defense EDR GCP Incident response Malware MITRE ATT&CK Snort Threat intelligence
Perks/benefits: Equity Salary bonus Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Product Security Engineer jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Editor jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open Vulnerability management-related jobs
- Open Threat intelligence-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Java-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs