Job Details

ID #6074921
State Washington
City Washington
Job type Full-time
Salary USD TBD TBD
Source FireEye, Inc.
Showed 2020-11-24
Date 2020-11-24
Deadline 2021-01-23
Category Et cetera

Senior Manager (TS/SCI)

Washington, Washington 00000 Washington USA

Vacancy expired!

Job Description

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

The Program Manager / Incident Response (IR) Lead will provide day-to-day management and services to support both federal government and commercial customers. The focus will be on host-based investigations and network forensics, using strong problem-solving skills and communicating effectively with people at various layers to help leadership make timely and well-thought-out decisions. This role will work cross-functionally with peers on other teams such as intelligence, SOC analysts, and engineering. This role is considered a subject matter expert for hunting via host-based and network-based analysis.

What You Will Do:

  • Manage projects and programs for a large government customer
  • Coordinate incidents for advanced attacks and multiple concurrent IR investigations
  • Ensure proper resourcing of entire staff and suborganizations
  • Ability to perform under Congressional visibility and to surge based on priority
  • Advanced IR analytic skills to ensure proper chain-of-custody and evidence collection/review
  • Perform security assessments providing comprehensive identification of vulnerabilities and support to clients facilitating activities within the incident response process
  • Provide guidance on building and/or maturing information security programs, detecting and responding to computer security incidents, and implementation of tools and technologies used for enterprise security
  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects
  • Implement and/or assess existing security controls
  • Provide expert level knowledge of tools and technologies used for enterprise security
  • Interface with clients to address concerns, issues or escalations; track and drive to closure any issues that impact the service and its value to clients

Qualifications

  • Top Secret clearance with SCI eligibility and the ability to undergo polygraph (if client requested)
  • Bachelor’s degree in an IT-related field or equivalent experience
  • Twelve-plus (12+) years of cyber security experience; ten-plus (10+) years of experience in an IR-related role, including:
    • SOC CIRT support
    • Threat Hunting
    • Malware Analysis
    • Digital Forensics
    • Log Review
  • Provide expert experience building information security programs to include hands-on implementation and/or assessment of security controls
  • Ability to deliver long term technical projects on-time and within budget
  • Provide expert in-depth knowledge in collecting, analyzing, and escalating security events; responding to computer security incidents, and/or collecting, analyzing, and disseminating cyber threat intelligence
  • Ability to interact with C-level, SES, and Congressional members
  • Quickly master, simplify, and communicate the value proposition of complex subjects to clients
  • Use formal project management skills in planning, tracking, and reporting on project progress
  • Evaluate customer needs, coordinate design for a solution, and clearly communicate solutions
  • Advanced experience with the critical tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations.
  • Thorough understanding of cyber security operations, event monitoring, and SIEM tools (e.g., Splunk)
  • Familiar with investigating network devices (e.g., proxies, SSL break-and-inspect, firewalls, VPN concentrators)
  • Familiar with virtualization investigations (e.g., VMware, Citrix)
  • Familiar with cloud investigations (e.g., Azure, O365, Amazon)
  • Familiar with Unix and Windows operating systems and administrative tools

Additional Qualifications:

  • Provide expert level knowledge of tools and technologies used for enterprise security
  • Proven ability and understanding of the components that comprise a successful information security program
  • Advanced Splunk certifications highly desired
  • Excellent written and verbal communication skills

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
