Role Overview

Team/Org Overview

The Mandiant Threat Defense Security Analyst team monitors, detects, and responds to cyber-attacks for many of the world’s top companies. Analysts apply security and response expertise alongside threat intelligence to deliver high-impact services to Mandiant Threat Defense customers, including actionable recommendations and compromise reports.

The team is responsible for triaging security alerts, conducting forensic investigations, and producing technical reports. They utilize tools such as Google SecOps and Splunk to analyze telemetry and identify events, communicating findings through detailed reports.

Top 3 Key Skills Required

1. Proficiency with one or more EDR tools (e.g., HX, SentinelOne, Microsoft Defender for Endpoint, CrowdStrike)
2. Proficiency with NDR tools (e.g., NX, Corelight, Palo Alto NGFW)
3. Strong log analysis skills to investigate and scope security incidents

Experience & Requirements

• Minimum experience: At least two years in cybersecurity
• Hands-on cybersecurity experience is essential
• Experience with EDR (Endpoint Detection and Response) and NDR (Network Detection and Response) tools
• Strong understanding of the network stack, HTTP, and common network protocols
• Knowledge of the typical attack lifecycle with focus on endpoint and network technologies
• Familiarity with endpoint analysis

Key Focus Areas for Shortlisting

To support the hiring manager’s priorities, please prioritize candidates with demonstrable, hands-on investigation experience, not just conceptual familiarity with tools. Specifically, candidates should be able to:

• Investigate alerts generated by EDR/NDR tools
• Determine root causes of security incidents
• Use EDR logs to analyze host activity and build comprehensive timelines of events

Preferred Certifications

• OSCP
• Blue Team Level 1 or Level 2

Preferred Backgrounds

• Candidates from companies such as Huntress or CrowdStrike are especially strong profiles to consider.