Senior Intrusion Detection System Engineer
MANDIANT - Mountain View, CA

If you have a strong technical background, practical experience in information security and find yourself itching for the chance to improve intrusion detection capability, then we want to hear from you!

Summary of Job Description

Join Mandiant's Computer Incident Response Team (MCIRT) as an Intrusion Detection System (IDS) Engineer and become part of a rapidly growing and successful organization focused on today's emerging cyber security threats. The successful candidate will possess current technical skills and have experience supporting a 24x7 Security Operations Center (SOC) in the areas of network security monitoring and detection operations.

Essential Duties and Responsibilities

Operate and maintain enterprise Intrusion Detection System (IDS) sensors distributed nationwide.
Ensure high reliability of IDS sensors by responding to and resolving system issues.
Configure and manage feeds into enterprise event aggregation and correlation systems (e.g., Splunk, ArcSight).
Optimize analyst effectiveness by ensuring signature quality in collaboration with analysts and developers.
Maintain IDS signature deployment and repository, to include signature tuning, analysis and development.
Ensure the integrity, availability and uptime of IDS and related systems, including performance baselining and measurement.
Document processes and procedures of all IDS and related infrastructure operations and monitoring.
Document incidents and daily activities into designated system and/or format.
Provide on-call support during non-core business hours.
Assist technical team members to integrate IDS capabilities with other systems.
Assist technical team members with technical insight facilitating ongoing incidents and mitigations.

Required Skills

Proven understanding and in-depth knowledge of Linux/UNIX platforms and administration.
Proven understanding and in-depth knowledge of regular expressions.
Proven understanding and in-depth knowledge of scripting languages (e.g., Perl, Python, Unix/Linux shell).
Experience with Intrusion Detection Systems (e.g., Snort/Sourcefire) deployment, management, optimization, troubleshooting and use.
Familiarity with IDS/SIEM integration methodologies and best/common practices.
Familiarity with Intrusion Detection System signature development and management.
Experience with server and network equipment deployment, management, optimization, troubleshooting and use.
Experience with network monitoring tools (e.g., tcpdump, Wireshark) and understanding of network packets.
Solid understanding of network protocols and experience in traffic analysis and packet inspection.
Ability to support implementation efforts for new technology capabilities and transition them to production.
Ability to document and explain technical details clearly and concisely.

Desired Technical Skills

Thorough understanding of computer networking, routing and protocols.
Mastery of Unix/Linux and Windows operating systems.
Familiarity with OS X operating system.
Experience correlating security event data and leveraging SIM/SIEM frameworks.
Hands-on experience with a variety of different IDS/IPS and SIEMs.
Familiarity with offensive attack sequences and defensible security.
Experience with network intrusion detection, monitoring and support, to include understanding of common network threats, vulnerabilities and possible mitigations.
Experience with writing and editing technical documentation and operational procedures.
Experience analyzing network logs, syslogs, and/or IDS alert logs.
Working knowledge of desktop word processing and communications software (Microsoft Office, Visio, Project, PowerPoint, Excel, etc.).
High level of project coordination/management skills to manage the execution of maintenance activities, network outages and upgrades.

Education and Other Requirements

Bachelor's degree, or an Associate's degree combined with relevant experience. The degree must be from an accredited institution; a degree in a technical discipline is preferred.
Minimum of five years of Information Technology and/or Information Security experience.
Candidate selected will be subject to a US Government background investigation and must meet eligibility requirements for access.
Willingness to travel up to 10%.

  • Mandiant does not sponsor employment-based visas.