
Mandiant Jobs (NOW HIRING)

Conduct research and analysis of Mandiant MD5 hashes within the Tanium console to detect potential malicious activity, communicating findings to Senior Incident Response Analysts. Proactively monitor ...

... Mandiant Security Verification, and SightGain. • The Application Support Specialist and the Systems Engineer will probably be required to back each other up and backup the incumbent Cybersecurity ...


SRE/Infrastructure Engineer

New York, NY · On-site

$180K - $250K/yr

Backed by strong investor support and early customer traction, our team is composed of experts from OpenAI, Meta, Mandiant, Palantir, Cruise, Trail of Bits, and Aptiv. About this Role We are seeking ...

Senior Detection Engineer

San Antonio, TX · On-site

$95K - $130K/yr

Experience with intelligence platforms like Recorded Future, GreyNoise, or Mandiant a plus * Familiarity with SOAR tools, particularly Cyware, for automated SOC workflows a plus * Comfortable serving ...


Mandiant information


How much do Mandiant jobs pay per hour?

As of Jul 4, 2026, the average hourly pay for Mandiant in the United States is $69.05, according to ZipRecruiter salary data. Most workers in this role earn between $30.29 and $133.17 per hour, depending on experience, location, and employer.

Is Mandiant a good place to work?

Mandiant is known for its cybersecurity focus and offers roles such as incident response analysts and threat researchers. Employees often cite a collaborative environment, opportunities for skill development, and exposure to advanced security tools. As with many tech companies, work-life balance and company culture can vary by team and location.

Is 30 too old for cyber security?

Mandiant cybersecurity professionals come from diverse backgrounds and ages, and age is not a barrier to entering the field. Success depends on skills, certifications, and experience with tools like intrusion detection systems and security protocols, which can be developed at any age.

What is a Mandiant job?

A Mandiant job typically refers to roles within Mandiant, a cybersecurity company known for threat intelligence, incident response, and cybersecurity consulting. Employees at Mandiant work to protect organizations from cyber threats by investigating incidents, analyzing threats, and improving security strategies. Positions range from security consultants to intelligence analysts and engineers, requiring expertise in cybersecurity, digital forensics, and threat intelligence.

Is Mandiant owned by Google?

Mandiant is a cybersecurity company that was acquired by Google in 2022. As a subsidiary of Google, Mandiant continues to operate with its focus on threat intelligence and incident response services for security professionals.

What are the key skills and qualifications needed to thrive in the Mandiant position, and why are they important?

To thrive in a role at Mandiant, candidates typically need strong expertise in cybersecurity, incident response, and threat intelligence, often supported by a degree in computer science, information security, or equivalent experience. Hands-on familiarity with tools such as SIEM platforms, endpoint detection and response solutions, and certifications like CISSP, CEH, or GIAC are commonly required. Analytical thinking, effective communication, and teamwork differentiate outstanding professionals in this field. These skills and qualities are critical to accurately identify, investigate, and mitigate sophisticated cyber threats in high-pressure situations.

What are the typical day-to-day activities for someone working in a cybersecurity role at Mandiant?

Professionals working at Mandiant can expect to spend their days investigating cybersecurity incidents, conducting threat analyses, and collaborating with clients to improve their security posture. Daily tasks often include analyzing network traffic, responding to ongoing security breaches, preparing detailed reports, and advising clients on mitigation strategies. Team members work closely with other cybersecurity experts, client IT teams, and occasionally law enforcement to gather intelligence and coordinate defense efforts. The role offers a highly dynamic environment where adaptability and continual learning are essential, making each workday both challenging and rewarding.

How much does Mandiant pay?

Salaries for Mandiant cybersecurity roles vary depending on experience, location, and specific position, but entry-level roles typically start around $70,000 annually. More experienced professionals or specialized roles can earn over $120,000 per year, often with additional benefits and opportunities for certifications. Compensation is generally competitive within the cybersecurity industry.
Security Operations Engineer

Other

Medical, Life, Retirement

Posted 10 days ago


Job description

Overview

Texas GovLink, Inc. is an Austin-based firm which has been a leading provider of technical and business professionals to clients in Texas. We are currently seeking an experienced Security Operations Engineer to be a key resource on a technical services team.

Texas GovLink offers its family of consultants excellent rates, a local support staff, and an attractive benefits package which includes medical insurance (TGL shares a percentage of the cost), life insurance, a matching 401(k) plan and a cafeteria plan.

Candidates selected for interview will be required to undergo criminal background checks and may be required to complete a drug screen in accordance with Federal and State Law. Offers of Employment are contingent on a successful background check.

Texas GovLink is an equal opportunities employer.

Responsibilities
  • Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
  • Configure, tune, and optimize IDS/IPS technologies (Corelight, TippingPoint, Cisco Firepower), including signature development and false-positive reduction.
  • Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using NetWitness or Corelight.
  • Conduct network traffic analysis to detect anomalies, lateral movement, and command-and-control activity.
  • Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
  • Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
  • Continuously tune detection content based on intelligence-driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
  • Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
  • Support SOC operations by providing detection engineering, log onboarding, and data normalization.
  • Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
  • Collaborate with Incident Responders to provide network-level evidence, context, and threat validation.
  • Produce engineering reports, tuning documentation, and platform health assessments.
  • Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
  • Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps
Qualifications

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

| Years | Required/Preferred | Experience |
|---|---|---|
| 5 | Required | SOC operations experience |
| 5 | Required | Hands-on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false-positive reduction, and threat-driven detection improvements. |
| 5 | Required | Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement. |
| 5 | Required | Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows. |
| 5 | Required | Threat intelligence application expertise |
| 5 | Required | Develop detection logic aligned with adversary TTPs |
| 6 | Preferred | Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic. |
| 5 | Preferred | Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic. |
| 5 | Preferred | Perform packet-level analysis to validate alerts and identify malicious activity |
| 5 | Preferred | Serves as an escalation SOC analyst to support other SOC analysts and incident responders with enriched network-level intelligence |
| 5 | Preferred | Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation |
| 4 | Preferred | Security Certifications Preferred (CISSP, CEH, GISF, GSEC, CySA+, Sec+) |

Employment Type: OTHER