Mandiant società leader globale di sicurezza informatica, ricerca un Security Analyst per la sede di Roma. I dipendenti possono lavorare da remoto.
Company Description
Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
Job Description
You are fanatical about security. No really, you will do whatever it takes to keep the bad guys out. You have a strong understanding of network and host based attacker methodologies. Analyzing forensic data, picking apart malware, and responding to security incidents excites you! You thrive and enjoy working in a fast paced environment, surrounded by brilliant and like-minded people. You walk into the office everyday with a passion to learn more. You derive great satisfaction from delighting customers, have strong attention to detail, exude excellence and have more drive than an exotic Italian sports car.
As a Security Analyst you will be focused on host and network analysis, diving deep into host systems and packets hunting for attackers or remnants of their activity . Alongside your wicked smart team members, you’ll be entrusted to deliver high impact and value services to some of the most recognized brands in the world, protecting them from threats that actually matter to their business 24×7.
Qualifications
What We Will Do For You
- On a daily basis, you’ll find the most malicious attacker activity the Internet has to offer
- Let you scour systems and analyze tons of network traffic looking for attacker presence
- Be Challenged to evolve how we detect and respond to attackers by authoring new and innovative Indicators of Compromise
- Expose you to some of the most exciting and cutting edge techniques to find evil
- Training and continuous coaching and mentoring to grow your technical and professional skills like no one else
- Work with a team of brilliant people that you can learn from and build lasting relationships with
- Develop an understanding of your aspirations and provide opportunities that we believe will get you there
- Inspiration to stretch your performance by allowing you to tackle seemingly impossible problems
- Encouragement challenge the status quo, think creatively, and innovate –make us better
- An environment of trust and camaraderie, where you can speak freely about your ideas
- A platform from which you can make a real impact against the bad guys
- Develop an understanding of, and be flexible to, your needs
What You Can Do For Us
- Get your toolbox out and dive deep into systems to help us identify and eradicate attackers
- Use your insanely keen network analysis skills to find evil on the wire
- Define relationships between seemingly unrelated events through deductive reasoning
- Come up with ways to do things faster, better and more effectively while maintaining a laser focus on quality
- Be fanatical about delighting our customers
- Be honest, transparent and genuine with our customers and your peers
- Exude excellence
- Make sure you have fun – lots of it
- Help us protect the world
- Work hard, but smart; balance your work and life
Qualifications
What You Can Bring With You
- The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed.
- Deep understanding of incident response best practices and processes
- Familiarity with intrusion detection systems (e.g., snort) and tools (e.g., tcpdump, Wireshark).
- Knowledge of attack vectors, threat tactics and attacker techniques.
- Familiarity with network architecture and security infrastructure placement.
- Understanding of Windows operating systems and command line tools.
- A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols.
- Knowledge of network based services and client/server applications.
- Your bachelors degree – or a very convincing argument.
Additional Information
Additional Qualifications:
- Degree in computer science, or related discipline
- Experience working on a mission critical security operations team, preferably 24×7.
- Exemplary communication and interpersonal skill.
- Ability to document and explain technical details clearly and concisely.
- A willingness to be challenged and a strong desire to learn.
- An open mind and an appetite for excellence
Network
- Wireshark
- Understand a signature
- Protocol – timing, data sizes, commands
- Context – inbound vs outbound (webshells), DNS servers vs HTTP proxy
- Components – C2 interaction vs beaconing vs profiling
- Knowing the Internet – identifying something as legitimate vs malicious
- Intel querying vs OSINT
- Knowledge of protocols – SMB, HTTP Proxy, DNS, ICMP
- Netflow Analysis
- Perform queries to gain additional context
- Understanding ports, sessions length, direction
- DNS & HTTP
- Collect and analyse DNS/HTTP logs for additional context
- Signatures
- Identify issues with signatures and propose improvements
Endpoint
- Hit Review
- Understand a signature
- IOCs intent – what it’s looking for, what it hit on, caveats
- Context – malware, decoy, side-loaded DLL (legit binary), tools, methodology
- Triaging
- Collecting forensic information to determine TP vs FP
- Malware triaging – assessing MTA and performing dynamic analysis in VM
- Signatures
- Identify issues with signatures and propose improvements
- Live Response
- Build LR timelines under supervision
- Threat Intel
- Understand how malware and tools are used by the threat actors
Additional Information
All your information will be kept confidential according to EEO guidelines.
