Senior/Principal Incident Response Consultant

Full Time
Milpitas, CA
Industry: Computer & Network Security
report a problem
Overview
 
 
Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? Mandiant is seeking a skilled Senior/Principal Incident Response Consultant with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their forensics, log analysis, and malware triage skills to solve complex intrusion cases at organizations around the world. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.
 
Responsibilities:
  • Conduct host forensics, network, forensics, log analysis, and malware triage in support of incident response investigations
  • Utilize Mandiant and FireEye technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence
  • Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Build scripts, tools, or methodologies to enhance Mandiant’s incident investigation processes
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Work with security and IT operations at clients to implement remediation plans in response to incidents
  • Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff
  • Provide training, present to small groups, and speak in public in venues such as conferences
 
Requirements:
  • Bachelor's degree in a technical field
  • At least three of the following:
    • Windows disk and memory forensics
    • Network Security Monitoring (NSM), network traffic analysis, and log analysis
    • Unix or Linux disk and memory forensics
    • Static and dynamic malware analysis
  • Applied knowledge in at least one scripting or development language (such as Python)
  • Thorough understanding of enterprise security controls in Active Directory / Windows environments
  • Experience with hands-on penetration testing against Windows, Unix, or web application targets
  • Minimum 5 years of comparable experience; minimum 8 years of experience if no degree 
  • Must be eligible to work in the US without sponsorship
 
Additional Qualifications:
  • Ability to travel up to 30%
  • Ability to successfully interface with clients (internal and external)
  • Ability to document and explain technical details in a concise, understandable manner
  • Ability to manage and balance own time among multiple tasks, and lead junior staff when required
 
FireEye is an Equal Opportunity Employer:  All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.  Click here to view the full EEO/AA statement.
 



Share this job:

FireEye

Join the team.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.
Visit FireEye's Social Media pages:
Company Industry: Computer & Network Security
Company Type: Public Company
Company Size: 1,001-5000