FireEye, Inc. SOC Lead - Remote (Northeast Region US) in Boston, Massachusetts
Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone.

The SOC Lead has a supervisory role over the SOC Analysts and is accountable for all of the incidents tracked and investigated by the SOC team. They must have experience performing Incident Response engagements, developing SOC policies, and supporting a culture of continuous improvement. The SOC Lead is a technical position that requires advanced skills and experience in cyber forensics, malware analysis, network traffic analysis, and compliance/litigation support. The SOC Lead must be capable of leading large investigations and organizing an incident response team to assist in containment and remediation efforts. Candidates for this position must be willing and able to mentor junior members of the SOC team. Candidates must enjoy working as a member of a highly technical team in a rapidly changing environment, be innovative and creative in detection tactics and techniques, and have a passion for protecting client data and corporate assets from diverse threats.

What You Will Do:
* Lead and conduct real-time and historical analysis using the SIEM, FireEye technologies, and other security analytics tools, with a focus on identifying security events and false positives. Analyze potential security incidents after escalation by SOC Lead Analysts.
* Manage incident investigations and responses involving advanced or complex threats.
* Manage incidents escalated by FireEye Managed Defense, SOC Analysts, and IT leadership, including major security incidents.
* Manage detailed incident response workflows, lead critical security incident response investigations, and work with asset owners, stakeholders, the SOC team, and relevant senior leadership to develop and execute remediation plans.
* Lead technical meetings and working groups to address issues related to malware, threats, vulnerabilities, and cybersecurity preparedness.
* Lead post-incident reviews and develop after-action reports.
* Lead the development of incident-related communications, including incident response reports, incident status updates, and implementation of lessons learned after an incident. Serve as primary author of daily intelligence summaries (e.g., industry-wide breaches, zero-days that would impact the organization, global threats) so the customer can assess applicability and determine whether action is needed to mitigate.
* Lead the SOC team in the maintenance and ongoing improvement of all SOC processes and procedures, including the Incident Response Plan, IR playbooks, communications plans, SOC monitoring, threat hunting, and SOC metrics.
* Manage day-to-day activities of the SOC team regarding security monitoring, investigations and response, and threat and vulnerability intelligence.
* Coordinate escalation of advanced forensics, malware reverse engineering, and additional host review tasks to third-party vendors, including FireEye and others.
* Lead the SOC team in researching and leveraging cybersecurity intelligence sources to improve SOC incident detection and response capabilities.
* Articulate security incident details to business stakeholders and non-technical individuals.

* 4+ years of incident analysis, security architecture, malware research, SOC, or other similar incident response experience.
* Experience leading SOC teams during cyber monitoring, hunting, and incident response investigations is required.
* Advanced experience performing forensics, malware reverse engineering, and/or penetration testing.
* In-depth knowledge of security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, DNS security, DDoS protection, and firewalls.
* In-depth knowledge of forensic tools such as EnCase, FTK, Volatility, FireEye Helix, and Redline.
* Knowledge of Microsoft Windows systems, including Active Directory, and Unix systems.
* In-depth knowledge of network devices such as firewalls, switches, and routers.
* Experience utilizing the FireEye technology stack for security event triage, analysis, and incident response.
* Experience utilizing industry-leading SIEMs to conduct security investigations and threat hunting.
* Experience analyzing and inspecting log files, network packets, and other security tool output from multiple system types.
* In-depth knowledge of basic reverse engineering principles and understanding of malware, rootkits, TCP/UDP packets, and network protocols.
* Knowledge of web application security and incident investigations.
* Demonstrated ability to build, execute, and lead SOC initiatives, programs, and an organization.
* Strong knowledge of information security, risk classification, incident management, security monitoring, threat intelligence, and incident response functions.
* Experience with technical analysis of email headers, links, and attachments to determine whether an email is malicious, and then executing the appropriate remediation techniques to protect the environment.
* Collaborate with peers and multiple teams to identify improvements and areas for tuning use cases or signatures to enhance monitoring value.
* Flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency is required.

Additional Qualifications:
* One or more of the following certifications are recommended: CompTIA Security+; CompTIA Network+; Certified Information Systems Security Professional (CISSP); SANS GIAC certifications (Security Essentials (GSEC), GCIH, GCFA, GCED, GCIA, GNFA, GPEN, GWAPT); Cisco CCNA; EC-Council (CEH, LPT).
* Managerial experience is preferred.
* Team-oriented and skilled in working within a collaborative environment.
* Solid written and verbal communication skills, with the ability to present ideas in business-friendly and user-friendly language.
* Ability to effectively multi-task, prioritize, and execute tasks in a high-pressure environment.
* Excellent problem-solving abilities.
* Strong communication and listening skills, a thorough approach to complex problem solving, decision-making ability, and high motivation toward setting and delivering "excellence".
* Demonstrated ability to be flexible, positive, and creative in a dynamic, fast-paced, and changing environment.
* Willingness to acquire in-depth knowledge of network and host security technologies and products (such as endpoint, network, and email security) and to continuously improve these skills.
* Ability to clearly and concisely document and explain technical details (e.g., experience documenting incidents, technical writing, etc.).

At FireEye we are committed to our #OneTeam approach, combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role that must be located in New York, Boston, Pennsylvania, Washington DC, or New England.