About the job

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

The US base salary range for this full-time position is $101,000-$144,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

• Analyze real-time security events across endpoint, network, and cloud environments using a centralized analyst console and SIEM/Google Sec Ops platform. Execute basic static and dynamic analysis of suspicious files to determine capabilities.

• Perform host and network forensic analysis to support incident response efforts, understand attacker activity, and assess customer impact.

• Determine the severity, impact, and scope of security incidents and compromises. Isolate compromised hosts and stop lateral movement or ransomware propagation.

• Identify benign patterns (e.g., breach simulations, authorized admin activity) and write logic to suppress them, freeing up the team to focus on threats. Contribute to the improvement of YARA-L rules and detection logic based on the changing Threat Landscape.

Minimum qualifications

• Bachelor's degree in Cybersecurity, Information Technology, a related technical field, or equivalent practical experience.

• 2 years of experience in a SOC environment or information security role.

• Experience with one or more EDR tools (e.g., Trellix HX, etc.) or NDR tools (e.g., Trellix NX, etc.).

• Experience in log analysis to investigate and scope security incidents.

Preferred qualifications

• Master's degree in Cybersecurity, Information Technology or relevant experience.
• Understanding of the stages of the attack life-cycle.