FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye's world-class solutions and global footprint at https://www.fireeye.com/company.html.
Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? The FireEye Mandiant Consulting team is seeking an Incident Response Consultant with strong technical skills and an eagerness to lead projects and work with our clients. The candidate will need to apply forensics, log analysis, and malware triage skills to solve complex intrusion cases and apply expertise in a mentorship fashion. Our consultants must be comfortable working in teams or individually to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.
We encourage giveback to the community and strongly support sharing of expertise by authoring whitepapers and speaking at conferences.
Responsibilities:
- Automate tracking and discovery of threats leveraging internal and external data sources
- Conduct host and network forensics, log analysis, and malware triage in support of network hunt or incident response investigations
- Investigate impact to customers to determine if new detections or compromise notifications are necessary
- Correlate data collected during hunt or incident response engagements against FireEye’s intelligence repository
- Correlate collected intelligence with malware research to build upon a larger knowledgebase of tracked threat activity
- Utilize FireEye, or customer technology to conduct investigations and example endpoint and network-based sources of evidence
- Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations
- Research and develop methods of tracking and detecting malicious activity within a network
- Develop scripts, tools, or methodologies to enhance the customer’s and FireEye Mandiant’s incident investigation process
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Work with security and IT operations at clients to implement remediation plans in response to incidents
- Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff
- Provide training and mentorship, present to small groups, and speak in public in venues such as conferences
- 5+ years of Incident Response experience
- 5+ years of experience identifying, analyzing and interpreting trends or patterns in complex data set.
- Technical experience in at least three of the following areas
- Windows disk and memory forensics
- Network Security Monitoring, network traffic analysis, and log analysis
- Unix or Linux disk and memory forensics
- Malware triage
- Applied knowledge in a scripting or development language (e.g. Python)
- Strong understanding of communication protocols (HTTP, DNS, TCP/UDP) as well as the various techniques utilized by malware within on operating system for persistence and data collection
- Strong understanding of attacker methodology and methodologies used to hunt for adversarial activity
- Ability to deliver technical training, advisory, and mentorship on complex topics in a classroom or operational environment
Additional Qualifications:
- Ability to think critically and properly qualify analytic assessments
- Ability to recognize and appropriately handle sensitive data
- Ability to interface and establish rapport with internal operations
- Ability to work with little direct oversight
- Ability to document and explain technical details in a concise, understandable manner