Incident Response Advisor (TS/SCI)

25 Jan 2024
Virginia, Alexandria, 22301 Alexandria USA

Vacancy expired!

Job Description

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guard nation-state secrets, and defend critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

Consultants with Incident Response technical skills and an eagerness to lead projects will be considered. Candidates will need to apply their forensics, log analysis, and malware triage skills to solve complex intrusion cases at organizations around the world. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.

Responsibilities:

  • Assess and provide guidance on building and/or maturing information security programs and the implementation of tools and technologies used for enterprise security
  • Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects
  • Implement and/or assess existing security controls
  • Provide knowledge of tools and technologies used for enterprise security
  • Interface with clients to address concerns, issues or escalations; track and drive to closure any issues that impact the service and its value to clients
  • Onsite support for a federal client, including Incident Response (IR), Network Security Monitoring (NSM), network traffic analysis, threat hunting and log analysis.
  • Conduct host forensics, network, log analysis, and malware triage in support of incident response investigations.
  • Utilize Mandiant and FireEye technology to conduct large-scale investigations and hunting, and to examine endpoint and network-based sources of evidence.
  • Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
  • Assist with evolving methodologies to enhance Mandiant’s incident investigation processes.
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
  • Work with security and IT operations at clients to implement remediation plans in response to incidents.
  • Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff.
  • Provide onsite support / system administration for installed FireEye appliances
  • Support off-site, within CONUS, threat hunting/IR engagements and deployed security technology for a federal customer

Qualifications

  • Top Secret clearance required; SCI preferred
  • Bachelor’s degree in a technical field and a minimum of 5 years of comparable experience in a hands-on technical role of network forensics analyst, malware analyst, or incident responder
  • Fundamental understanding of the components that comprise a successful information security program
  • Fundamental understanding of operating systems, including Windows, Linux, and OSX
  • Understanding of security controls for common platforms and devices, including Windows, Linux, OSX, and network equipment
  • Knowledge of tools used in penetration testing, security event analysis, incident response, computer forensics, malware analysis or other areas of security operations
  • Expertise in analysis of TCP/IP network traffic and communication protocols
  • Experience with malware analysis
  • Preference of one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Security+, Microsoft Certified Solutions Expert (MCSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), EnCE or equivalent certifications
  • Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats

Additional Qualifications:

  • Willingness to travel up to 20%
  • Ability to successfully interface with both internal and external clients
  • Ability to document and explain technical details in a concise, understandable manner
  • Ability to manage and balance own time among multiple tasks, and lead junior staff when required

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Job Details

  • ID: JC8579970
  • Job type: Full-time
  • Salary: N/A
  • Hiring Company: FireEye, Inc.
  • Date: 2021-01-18
  • Deadline: 2021-03-19
