About the job

In this role, being onsite 3-4 days per week and embedded with a Budapest-based customer several days per week.
You will leverage Google's cyber threat intelligence to enable network defenders and customer Cyber Threat Intelligence (CTI) teams to defend against the threats they face. You will be supported by a network of colleagues and specialists across Google Threat Intelligence, contributing to a wealth of technical skills and CTI knowledge. With access to industry-leading tooling and data, you will work toward delivering on customer priority intelligence requirements. This role focuses on supporting the customer's CTI defensive mission, helping their SOC, threat hunters, detection engineers, and CTI analysts counter threats and ensure the safe and secure running of their networks and operations.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

Responsibilities

• Serve as the Advanced Intelligence Access (AIA) integrator for a customer.

• Build an understanding of the customer's Cyber Threat Intelligence (CTI) requirements. Identify their needs and opportunities for the deployment of CTI within their operations to achieve the greatest defensive impact.

• Track, research, and contribute CTI analysis within Google Threat Intelligence regarding the customer's priority threat concerns.

• Support the integration of CTI into the customer's security processes and technologies, including SIEM and Threat Intelligence Platform (TIP) systems.

• Generate CTI and perform analysis of customer data, utilizing their bespoke sources to identify threat activity or to build and automate investigative workflows.

Minimum qualifications

• Bachelor's degree or equivalent practical experience.

• 5 years of experience in a customer-facing role in cyber intelligence and cyber operations.

• Experience working with security operations functions such as SOC tier 1/2, hunt teams, executive managers, CISO.

• Experience working in a government or military environment, developing cyber threat intelligence for network, host and log analysis, to enable the detection and response to cyber threats.

• Experience analyzing indicators of compromise (IOCs) including sandbox output.

Preferred qualifications

• Experience leveraging CTI to describe, track, and develop new intelligence on advanced persistent threats.

• Experience with network IDS monitoring, EDR solutions, SIEM, and Security Orchestration, Automation, and Response (SOAR) integration, as well as managing and contributing CTI into a Threat Intelligence Platform.

• Experience conducting or supporting incident response and investigations within enterprise environments.

• Experience in SOC operations, threat hunting, detection engineering, and SOC workflow optimization.

• Understanding of core cybersecurity concepts, common enterprise IT infrastructure components, operating system internals, and networking.

• Eligibility and willingness to undergo Security Checked (SC) security clearance, and ability to maintain it.