Senior Incident Response & Malware Analysis Consultant (Top Secret Clearance)

Full Time
Washington, D.C., DC
Industry: Computer & Network Security
Areas of Interest: Incident Response
The Mandiant Consulting team is seeking a passionate and highly skilled Incident Response Consultant to support a critical customer mission!  The Incident Response Consultant will sustain the FireEye platform(s) and provide ongoing breach detection, incident response, forensic examination, malware analysis and remediation services to a strategic customer. 
If you are fanatical about security, will do whatever it takes to keep the bad guys out, enjoy hunting for attackers and thrive on responding to security incidents, we want to hear from you!
Responsibilities:
  • Perform hunting activities to search the network for indicators of compromise
  • Perform advanced code analysis of malicious code detected on the network
  • Provide advanced traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends and patterns
  • Perform live response data collection and analysis on hosts of interest in an investigation
  • Correlate and analyze relevant events from host and network device log files
  • Perform incident response and malware analysis to investigate incidents and potential indicators of compromise
  • Help determine the extent of the compromise, attributes of any malware and possible data exfiltrated
  • Perform complex scripting (Shell, Perl, Python or other language) to repurpose the results and automate artifact collection
  • Research and incorporate relevant threat intelligence during the investigation and in written and verbal reports
  • Develop, document and manage containment strategy
  • Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; and forensics and incident response
  • Advance intrusion detection capabilities through the build, test, and deployment of customized IDS signatures
  • Represent the client on working groups, task forces, and committees and provide relevant information in support of national objectives
  • Assist in the deployment of endpoint security devices and provide ongoing support
  • Search for known indicators of compromise related to specific threats or incidents identified 
Qualifications:
  • Must hold an active Top Secret clearance
  • Four or more years’ experience in a hands-on technical role of network forensic analyst, malware analyst, incident responder or similar
  • One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or similar
  • Expertise in analysis of TCP/IP network communication protocols
  • Experience with and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
  • Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
  • Experience with a programming/scripting language such as Python, Perl or similar in an incident handling environment
  • Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats
  • Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives
  • Excellent written communication skills
  • Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner, as well as to set and manage expectations with senior stakeholders and team members
Additional Qualifications:
  • Experience with FireEye and Mandiant products, especially Mandiant for Intelligent Response (MIR) highly preferred
  • Experience with malware analysis and reverse engineering preferred
FireEye is an Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.

Join the team.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.
Company Industry: Computer & Network Security
Company Type: Public Company
Company Size: 1,001-5000