APT L2 Engineer

PT Metrocom Global Solusi
The APT L2 Engineer will provide operational support for managing, configuring, and optimizing Advanced Persistent Threat (APT) solutions, ensuring the detection, analysis, and mitigation of advanced cyber threats.

Job Responsibilities:

1. APT Solution Administration
• Configure, manage, and optimize FireEye NX (Network Security), HX (Endpoint Security), and AX (Malware Analysis) appliances.
• Monitor network traffic, emails, endpoints, and malware behavior to detect advanced threats.
• Integrate FireEye solutions with SIEM tools (Splunk) for security event correlation.
• Ensure continuous threat intelligence updates to protect against zero-day threats and APTs.

2. Incident Response & Threat Hunting
• Investigate escalated security incidents detected by APT solutions.
• Perform forensic analysis on infected endpoints and compromised network segments.
• Work with SOC and threat intelligence teams to identify and mitigate APT campaigns.
• Assist in containment, eradication, and recovery phases of cybersecurity incidents.

3. Threat Intelligence & Security Analysis
• Analyze FireEye alerts, sandbox reports, and malware indicators (IoCs, IoAs).
• Proactively hunt for threats using MITRE ATT&CK framework, YARA rules, and Threat Intelligence.
• Fine-tune malware detection rules, whitelists, and signature-based alerts to reduce false positives.
• Stay updated on emerging cyber threats, TTPs (Tactics, Techniques, Procedures), and adversary trends.

4. Security Compliance & Documentation
• Ensure FireEye solutions comply with security frameworks.
• Maintain and update incident response playbooks, runbooks, and security policies.
• Assist in security audits, risk assessments, and compliance reviews.

5. System Maintenance & Performance Optimization
• Conduct regular health checks on FireEye appliances and troubleshoot performance issues.
• Apply firmware updates, security patches, and configuration optimizations.
• Monitor log retention, appliance resource utilization, and storage capacity.

Job Qualifications:

Education & Certification Requirements:
1. Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
2. Preferred Certifications:
• FireEye Certified Incident Responder (FCIR) – (Preferred)
• FireEye Certified Security Analyst (FCSA) – (Preferred)
• CompTIA Security+

Experience Requirements:
• 3-5 years of experience in cybersecurity operations, threat analysis, or SOC/NOC environments.
• Prior experience in FireEye APT solutions administration and incident response.

Required Skills:

Hands-on experience with FireEye solutions.
Strong understanding of Advanced Persistent Threat (APT) detection and malware analysis.
Experience in SIEM tools integration and log analysis for security event correlation.
Proficiency in forensic
