Note: Google's hybrid workplace includes remote roles.
Remote location: United Kingdom.Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 5 years of experience working in a government or military environment, leveraging and developing Cyber Threat Intelligence (CTI) for network, host, and log analysis to enable the detection of and response to cyber threats.
- Experience leveraging CTI data and tooling to describe, track, and develop new intelligence on Advanced Persistent Threats (APTs).
- Experience analyzing network data, Intrusion Detection System (IDS) monitoring, Endpoint Detection and Response (EDR) solutions, and contributing CTI into a threat intelligence platform.
Preferred qualifications:
- Experience in the analysis of CTI, supporting monitoring, detection, and response capabilities.
- Experience in deploying and analyzing data from technical security controls (e.g. web proxy, firewalls, IPS, IDS, enterprise antivirus solutions, network analyzers).
- Experience with standard network logging formats, network management systems and network security monitoring systems, and security information and event management.
- Experience in SOC operations, threat hunting, detection engineering and SOC workflow optimisation.
About the job
In this role, you will join Mandiant Intelligence as an Advanced Intelligence Access (AIA) Integrator, delivering key support to a strategic UK government client, embedded onsite four days per week, serve as a Cyber Threat Intelligence (CTI) technical specialist, empowering the customer and becoming a key contributor to their mission.
You will join a fantastic team, backed by Mandiant’s UK and global experts, supported with training, specialisms, access to industry-leading tooling and proprietary data to fuel your analysis. In this role, you will blend this unparalleled reach with your own technical tradecraft, driving capability maturity via automation and platform engineering to help secure UK Public Sector, and deliver impactful CTI for cyber defense.Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.Responsibilities
- Embed onsite at the customer location (3-4 days/week), partnering to support their Cyber Threat Intelligence (CTI) requirements and integrate deeply to enable their focused cyber defense mission.
- Track priority cyber threats as an embedded CTI centre of expertise, applying frameworks such as MITRE ATT&CK, and leveraging Mandiant tools and data to answer customer Request for Information (RFI's), author actionable intelligence and support dissemination and briefings.
- Support the integration of CTI into the customer's mission by building processes for its application within varied cyber defence technology stacks, including SIEM and TIP systems (Splunk, netflow, Sigma, Yara etc).
- Leverage Google Threat Intelligence Platform and other customer sources to maximise exploitation of CTI in Threat Hunting, with a focus on network analysis.
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also
Google's EEO Policy and
EEO is the Law. If you have a disability or special need that requires accommodation, please let us know by completing our
Accommodations for Applicants form.
