Job Details

ID #17061095
State Maryland
City Fortmeade
Job type Full-time
Salary USD TBD TBD
Source FireEye, Inc.
Showed 2021-07-20
Date 2021-07-20
Deadline 2021-09-18
Category Et cetera

FireEye Security Engineer

Maryland, Fortmeade 00000 Fortmeade USA

Vacancy expired!

Job Description

Join an industry leading team performing challenging and meaningful work. FireEye is supporting a critical customer mission to design, build, deliver, and operate a national level network defense capability. FireEye is seeking a Security Engineer that will be responsible for supporting the complete capability lifecycle for the customer’s FireEye security implementation.

The Security Engineer will work closely across teams to refine and deliver requirements and use cases focused on the design, development, testing, and implementation of custom playbooks, analytical workflows, technical capabilities, intelligence integration, and other cyber defense capabilities in support of the customer’s active defense mission. The Security Engineer will be responsible for ensuring capabilities are integrated into all existing and new system solutions while maintaining consistency with the customer’s reference technical architecture, standards, and guidelines.

The successful candidate will have a background in large-scale operational environments focusing on cyber defense. The candidate should have prior experience performing incident analysis and reporting as well as experience developing defensive capabilities. Experience with various network, system, and virtualization technologies is essential.

Responsibilities:

  • Design, test, and implement innovative and advanced solutions in support of a distributed network defense program that focuses on active defense.
  • Facilitate discovery of new cyber defense solutions that focus on elevating capabilities and that scale efficiently.
  • Enhance operational efficacy and efficiency through security orchestration, automation, and response and development of evolutionary defensive architectures and capabilities.
  • Interface across engineering and operations teams to translate requirements into use cases and solutions that address core customer needs.
  • Gather data and formulate automated mitigation plans for effective and real-time active defense and response.
  • Serve as a subject matter expert for computer network defense strategies and solutions, and act as a trusted advisor providing strategic and forward-leaning tactical advice.
  • Interface directly with customer and program management team for day-to-day operations and engineering tasks.
  • Provide defensive cyberspace operations (DCO) support to the customer at the Tier III level. This includes enriching boundary activity with additional investigative and intelligence context and advising on next steps. This will constitute less than 15% of support delivered to the customer.
  • Create Security Operations Standard Operating Procedures around FireEye products including procedures for incident response, IOC sweeping, forensic analysis, disaster recovery, workflow and process diagrams
  • Develop custom reports/dashboards and other custom configurations / use cases with FireEye products within the customer’s environment
  • Maintain current knowledge of tools and best-practices in combatting advanced persistent threats, including tools, techniques, and procedures (TTPs) of attackers and tools and processes for forensics and incident response

Qualifications

Minimum Requirements:

  • Five (5) or more years of related experience
  • Bachelor’s degree in Computer Science, Cyber Security, Cyber Operations, or a related discipline
  • Top Secret / SCI clearance at minimum

Preferred Qualifications:

  • Experience in operational cyber defense environments.
  • Experience designing and implementing security architectures and solutions, preferably in a large-scale environment focused on active defense.
  • Experience with breach detection systems, log analysis, network traffic flow and packet analysis.
  • Experience with Security Incident Event Management, Log Correlation and Network Behavior Anomaly detection systems (e.g. ESM, Splunk, ArcSight).
  • Understanding of security infrastructure (proxies, firewalls, email filtering technologies, and network intrusion detection systems)
  • Current knowledge of security threats, solutions, security tools and network technologies
  • Excellent knowledge of security solutions and technologies, including: Linux based tools, network and endpoint solution architecture/implementation/configuration
  • Experience and knowledge of network protocols, packet flow, TCP and UDP traffic
  • Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives.
  • Ability to operate strategically and dynamically and manage multiple ongoing tasks with diverging priorities and focus.
  • Ability to work with little direct oversight
  • Experience with FireEye security products, highly desired
  • Experience with scripting languages such as PowerShell and/or Python, desired
  • Must be willing to travel occasionally

Certifications

  • Certified Information Systems Security Professional (CISSP) certification, highly desired
  • Information Systems Security Engineering Professional (ISSEP) or Information System Security Architect Professional (ISSAP) certification, desired
  • SANS/GIAC Certified Incident Handler (GCIH), desired
  • SANS/GIAC Reverse Engineering Malware (GREM) certification, desired

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
