Incident Response Consultant (TS/SCI)

Job Description

Mandiantis a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? Mandiant seeks Incident Response Consultants with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their forensics, log analysis, and malware triage skills to solve complex intrusion cases at organizations around the world. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.

FireEye Mandiant is looking for talented and cleared individuals like you for our Government Recruiting, Expertise, and Talent Development (GREAT) Program. As part of this program you will receive in-depth training and hands-on experience from leaders in the cybersecurity space. After serving in and gaining valuable skills from our commercial business, you will have the opportunity to operate in defense of national security and utilize your expertise for dedicated government service

• Onsite support for a federal client, including Incident Response (IR), NetworkSecurity Monitoring (NSM), network traffic analysis, threat hunting and log analysis.
• Conduct host forensics, network, log analysis, and malware triage in support of incident response investigations.
• Utilize Mandiant and FireEye technology to conduct large-scale investigations, hunting and examine endpoint and network-based sources of evidence.
• Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
• Build scripts, tools, or methodologies to enhance Mandiant’s incident investigation processes.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
• Work with security and IT operations at clients to implement remediation plans in response to incidents.
• Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff.
• Provide onsite support / system administration for installed FireEye appliances
• Support off-site, within CONUS, threat hunting/IR engagements and deployed security technology for a federal customer

Qualifications

• Top Secret clearance required; SCI preferred
• Bachelor’s degree in a technical field and Minimum 5 years of comparable experience in a hands-on technical role of network forensics analyst, malware analyst, or incident responder
• Preference of one or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or equivalent certifications
• Expertise in analysis of TCP/IP network traffic and communication protocols
• Experience with a scripting language such as Perl, Python, or other scripting language in an incident handling environment
• Experience with malware analysis and reverse engineering
• Experience conducting analysis of electronic media, packet capture, log data, and network devices in support of intrusion analysis or enterprise level information security operations
• Experience with advanced computer exploitation methodologies preferred, including analysis tools such as Encase or FTK, Helix, Paraben, etc.
• Ability conduct frequency analysis of host system artifacts and analyze patterns of behavior to identify potentially compromised hosts.
• Experience with writing and managing IOC’s and signatures such as OpenIOC format, YARA, and Snort.
• Demonstrated ability to make decisions on remediation and counter measures for challenging information security threats

• Willingness to travel up to 15%
• Ability to successfully interface with both internal and external clients
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required
• Demonstrated aptitude and desire to learn new technologies and services
• Ability to ramp up quickly in learning the portfolio of FireEye services and products
• Problem solver with keen attention to detail
• Salesforce case management experience preferred
• Excellent written and verbal communication skills

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.