FireEye, Inc. Senior Incident Response Consultant (TS/SCI Poly) - Remote (Washington, DC/Metro Area) in Washington, District Of Columbia
Interested in investigating computer crimes and breaches that make the headlines, and many more that don't? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? The Mandiant Consulting team is seeking an Incident Response Consultant with strong technical skills and an eagerness to lead projects and work with our clients. The candidate will need to apply forensics, log analysis, and malware triage skills to solve complex intrusion cases and to share that expertise as a mentor. Our consultants must be comfortable working in teams or individually to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables. We encourage giving back to the community and strongly support sharing of expertise by authoring whitepapers and speaking at conferences.

Responsibilities:
* Automate tracking and discovery of threats leveraging internal and external data sources
* Conduct host and network forensics, log analysis, and malware triage in support of network hunt or incident response investigations
* Investigate impact to customers to determine if new detections or compromise notifications are necessary
* Correlate data collected during hunt or incident response engagements against Mandiant's intelligence repository
* Correlate collected intelligence with malware research to build upon a larger knowledge base of tracked threat activity
* Utilize FireEye or customer technology to conduct investigations and examine endpoint- and network-based sources of evidence
* Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations
* Research and develop methods of tracking and detecting malicious activity within a network
* Develop scripts, tools, or methodologies to enhance the customer's and Mandiant's incident investigation process
* Develop comprehensive and accurate reports and presentations for both technical and executive audiences
* Effectively communicate investigative findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel
* Work with security and IT operations at clients to implement remediation plans in response to incidents
* Assist with scoping prospective engagements, participate in investigations from kickoff through remediation, and mentor less experienced staff
* Provide training and mentorship, present to small groups, and speak in public venues such as conferences

Qualifications:
* Active TS/SCI with Poly required
* Minimum 5 years of Incident Response experience
* 5+ years of experience identifying, analyzing, and interpreting trends or patterns in complex data sets
* Technical experience in at least three of the following areas:
  o Windows disk and memory forensics
  o Network Security Monitoring, network traffic analysis, and log analysis
  o Unix or Linux disk and memory forensics
  o Malware triage
  o Applied knowledge of a scripting or development language (e.g. Python)
  o Strong understanding of communication protocols (HTTP, DNS, TCP/UDP) as well as the various techniques used by malware within an operating system for persistence and data collection
* Strong understanding of attacker methodology and of the methodologies used to hunt for adversarial activity
* Ability to deliver technical training, advisory, and mentorship on complex topics in a classroom or operational environment

Additional Qualifications:
* Ability to think critically and properly qualify analytic assessments
* Ability to recognize and appropriately handle sensitive data
* Ability to interface and establish rapport with internal operations
* Ability to work with little direct oversight
* Ability to document and explain technical details in a concise, understandable manner

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant's COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices, and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role that must be located within the Washington DC/Metro area of the US.