Senior Researcher, Mandiant, Google Cloud



Netherlands · Remote
Posted on Tuesday, June 27, 2023

Note: Google’s hybrid workplace includes remote roles.

Remote location: Netherlands.


Minimum qualifications:

  • 3 years of experience discovering, investigating, and attributing network infrastructure and communication.
  • Experience in discovering, investigating, and attributing malicious cyber activities.
  • Experience in analyzing malware and writing detection content.
  • Experience in a technical cyber threat intelligence role and a competitive
    attitude towards adversaries and teammates.

Preferred qualifications:

  • Experience in analyzing network traffic and metadata and technical intelligence collection sources and methods.
  • Experience in offensive cyberspace operations and intelligence analysis tradecraft.
  • Experience in network reconnaissance, pivoting, analysis, and monitoring.
  • Experience in intelligence collection or counterintelligence.
  • Knowledge of malware discovery, pivoting, and analysis.
  • Ability to write scripts to automate tasks (e.g., Python) and produce narrow and broad detection content across a variety of platforms.

About the job

The Google Cloud Platform team helps customers transform and build what's next for their business — all with technology built in the cloud. Our products are engineered for security, reliability and scalability, running the full stack from infrastructure to applications to devices and hardware. Our teams are dedicated to helping our customers — developers, small and large businesses, educational institutions and government agencies — see the benefits of our technology come to life. As part of an entrepreneurial team in this rapidly growing business, you will play a key role in understanding the needs of our customers and help shape the future of businesses of all sizes use technology to connect with customers, employees and partners.

Adversary Operations’ mission is to expose adversaries and empower defenders. Advanced Research and Collection (ARC)’s mission is to systematically discover, research, attribute, and surveil prioritized adversaries. ARC not only sets the standards for how Mandiant conducts intelligence collection and research, we are responsible for relentlessly executing the mission.

As a Senior Researcher, you will be using data and information derived from multiple disciplines, sources, and methods to provide continuous visibility and proven depth of knowledge of prioritized adversaries. You will use Mandiant’s global visibility to set goals for your assigned adversaries. You will have the flexibility to also pursue unassigned and emerging threats beyond this.
In this role, you will focus primarily on Russian cyber espionage threat actors, but will have the flexibility to work on diverse prioritized threats and problems. You will be expected to apply your technical skills and tradecraft against other topics as priorities change.

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.


  • Cluster and attribute seemingly disparate activity related to intrusion activity and campaigns.
  • Be the expert in the technical tracking and attributing of prioritized adversaries.
  • Perform long term in-depth research to know more about adversaries.
  • Analyze technical data to extrapolate adversary methodologies and identifiable characteristics.
  • Exploit leads identified from intrusion investigations, security telemetry, commercial data, third-party public and private information sharing, and novel sources and methods alongside disseminating findings through modeled data.

Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.

To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees or any other organization location. Google is not responsible for any fees related to unsolicited resumes.

At Google, we’re committed to building a workforce that is more representative of the users we serve and creating a culture where everyone feels like they belong. To learn more about our diversity, equity, inclusion commitments and how we’re building belonging, please visit our Belonging page for more information.

We welcome and encourage people who are expecting and/or parents-to-be to apply to this or any other role at Google.

Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles.