Lead Consultant (FortiGuard Incident Response)We are seeking a dynamic Lead Consultant to contribute to the success of our rapidly growing business. You will work directly with members of a world-class incident response and forensics team, comprised of individuals with strong knowledge in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics, and threat actors TTPs.
Key Responsibilities:
Lead IR engagements and mentoring/training junior analysts.
Focus on process improvement for customer-facing incident response services.
Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems.
Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
Leverage FortiEDR Platform to conduct investigations to rapidly detect and analyze security threats.
Perform basic reverse engineering of threat actor's malicious tools.
Develop complete and informative reports and presentations for executive and technical audiences.
Availability during nights/weekends as needed for IR engagements.
Perform memory forensics and file analysis as needed.
Monitor underground forums, FortiGuard Threat Labs, along with open-source intelligence outlets to maintain proficiency in the latest actor tactics and techniques.
Requirements:
Experience with at least one scripting language: Shell, Ruby, Perl, Python, etc.
Data mining using YARA, RegEx, or other techniques to identify new threats.
Experience with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open-source forensic tools.
Malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger.
Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis, and malware persistence mechanisms.
Strong knowledge of operating system internals and endpoint security experience.
Able to communicate with both technical and executive personnel.
Excellent written and verbal communication skills.
Reading and writing skills in non-English languages such as Chinese and Russian.
Analysis of Linux and MAC binary files and understanding of MAC internals.
Highly motivated, self-driven, and able to work independently and within a team.
Able to work under pressure in time-critical situations and occasional nights and weekends work.
A good understanding of Active Directory.
Bachelor's Degree in Computer Engineering, Computer Science, or related field, or 10+ years' experience with incident response and/or forensics.
Why Join Us:
We embrace diversity and inclusivity. We encourage applications from diverse backgrounds and identities. Our welcoming work environment is designed for a rewarding career journey with an attractive Total Rewards package to support your overall health and financial well-being.#J-18808-Ljbffr