Mandiant Incident Response Internship - Summer 2022
A successful Incident Response intern at Mandiant should possess an understanding of both information security and computer science. They should understand basic concepts such as network security, forensics, and operating system functionality and be able to learn advanced concepts such as malware triage, Tactics, techniques, and procedures (TTPs), working with enterprise security controls and building methodologies to enhance investigation processes. This is not a “press the button” type of job; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. You will be building up a foundation in responding to and managing impactful cyber breaches. If you can think like an attacker, stay one step ahead, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.
As a Mandiant intern, you’ll get hands-on experience with complex problems on a daily basis. We help our clients protect their most sensitive and valuable data through comprehensive and real world scenario testing.
To be successful, you will quickly assimilate new information as you face new client environments on a weekly or monthly basis. You will understand all the threat vectors to each environment and properly assess them. You will get to work with some of the best incident responders in the industry, causing you to develop new skills as you progress through your career. Are you up to the challenge?
What You Will Do:
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate and discuss findings and strategy with internal stakeholders including leadership and technical team members
- Recognize and safely utilize attacker tools, tactics, and procedures
- Develop scripts, tools, or methodologies to enhance Mandiant’s incident response processes and capabilities
- 1+ years' experience, via internships, classes, projects and similar, in at least two of the following:
- Windows disk and memory forensics
- Experience with static and dynamic malware analysis
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby
- Reverse engineering malware, data obfuscators, or ciphers
- Source code review for control flow and security flaws
- 1+ years exposure and working with tools used for forensic collection and analysis
- Understanding of network protocols, data on the wire, and covert channels
- Understanding of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell
- Must be eligible to work in the US without sponsorship
- Prior experience in a technical security internship
- Experience in security competitions, CTFs and/or testing platforms such as Hack the Box, TryHackMe, Overthewire, etc
- Related projects around cybersecurity, programming, etc
- Strong technical acumen and ability to quickly assimilate new information
- Time management skills to balance time amount multiple tasks and priorities
- Ability to successfully interface with clients (internal and external) and manage expectations of others
- Ability to document and explain technical details in a concise, understandable manner
At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Minimum Hourly Rate: $25. Final rate will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations.
Benefits: Employer subsidized benefits include Medical Insurance. FireEye also provides Flexible Paid Sick Time and Paid Holidays.
*Disclosure as required by sb19-085 (8-5-20)