Please allow me to share my thoughts – I think the solution may be the following:
So, in my humble opinion, your setup should be a valid one, IF (!) the functionality is already built on SRX-es. What I mean: you need to use the SSL Proxy feature as Client-Protection SSL Proxy, which means that the certificate is presented to HTTPS clients by the first SRX following a match on specific traffic within the security policy, and the traffic is decrypted and flows to the FireEye device – this is clear. The only spot I am not sure about is the reverse process on the second SRX: whether that second one knows what to do with the traffic you intercept with the security policy and apply the SSL Proxy profile to … (whether it knows that it should encrypt that clear-text traffic and throw it to the destination).
Therefore, I recommend you test the setup in JCL – use the BYO feature with two SRX-es – should not take long.
Good luck!