Security Engineer, Detection Engineering, Mandiant
Amsterdam, Netherlands; Netherlands
Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 5 years of coding experience in one or more general purpose languages.
- 5 years of experience with security assessments, security design reviews, or threat modeling.
- 5 years of experience with security engineering, computer and network security, and security protocols.
- Experience with intrusion operations and models such as MITRE ATT&CK, Cyber Killchain, or Mandiant Targeted Attack Lifecycle.
- Detection engineering experience with Yara-L or Sigma.
Preferred qualifications:
- Experience building and using detection rule generation and automation systems.
- Ability to identify detection opportunities in intelligence, sandbox, and malware reports.
About the job
Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.
Mandiant Intelligence Operations’ mission is to illuminate threats and empower defenders. The Mandiant Detection Engineering Team’s (MDET) purpose is to provide the detection operations capability for Mandiant Intelligence; to enable and scale our detection efforts, oversee rulesets, work on escalations, identify and close detection gaps, and provide ongoing support to detection and hunting efforts.
As a Security Engineer on MDET, you will respond to detection engineering requests based on Google’s global visibility into the latest threats and develop specialized detection content utilizing multiple detection engines for both internal and external use. You will reverse engineer malware to create high-fidelity resilient detections for threats facing our users.
You will also contribute to the detection operations program responsible for supporting detection efforts of teams across Google; ensuring deployed detection rules perform as expected and work on issues with deployed rules. In this role, you look for opportunities to automate your workflows and scale the impact you have in building detections and analysis tools for thousands of malware families.
We encourage giving back to the security community and strongly support sharing of expertise through blogs, whitepapers, tool releases, and conference talks.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats.
Responsibilities
- Support detection efforts across the full scope of Google Threat Intelligence.
- Analyze threats to build detection content in Yara, Snort/Suricata, Yara-L, and EDR rule formats.
- Review reports and other technical threat data to identify detection opportunities, while also peer-reviewing detection rules to enforce quality and process.
- Determine current detection coverage for malware samples, network traffic, and endpoint events.
- Monitor and tune deployed detection rules to mitigate false positives, while also building and using detection rule generation and automation systems.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation Cloud Cyber defense EDR GCP Incident response Malware MITRE ATT&CK Network security Security assessment Snort Threat intelligence Vulnerabilities
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Information Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Security Consultant jobs
- Open Security Operations Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Information Security Architect jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Agile-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open DevSecOps-related jobs