Incident Response Consultant - Remote (Washington DC/Metro Area)

  • Arlington, VA, USA
  • Employees can work remotely
  • Full-time

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? The FireEye Mandiant Consulting team is seeking an Incident Response Consultant with strong technical skills and an eagerness to lead projects and work with our clients. The candidate will need to apply forensics, log analysis, and malware triage skills to solve complex intrusion cases and apply expertise in a mentorship fashion. Our consultants must be comfortable working in teams or individually to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables.
We encourage giveback to the community and strongly support sharing of expertise by authoring whitepapers and speaking at conferences.


  • Automate tracking and discovery of threats leveraging internal and external data sources
  • Conduct host and network forensics, log analysis, and malware triage in support of network hunt or incident response investigations
  • Investigate impact to customers to determine if new detections or compromise notifications are necessary
  • Correlate data collected during hunt or incident response engagements against FireEye’s intelligence repository
  • Correlate collected intelligence with malware research to build upon a larger knowledgebase of tracked threat activity
  • Utilize FireEye, or customer technology to conduct investigations and example endpoint and network-based sources of evidence
  • Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Research and develop methods of tracking and detecting malicious activity within a network
  • Develop scripts, tools, or methodologies to enhance the customer’s and FireEye Mandiant’s incident investigation process
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Work with security and IT operations at clients to implement remediation plans in response to incidents
  • Assist with scoping prospective engagements, participating in investigations from kickoff through remediation, and mentoring less experienced staff
  • Provide training and mentorship, present to small groups, and speak in public in venues such as conferences


  • Minimum 5 years of Incident Response experience
  • 5+ years of experience identifying, analyzing and interpreting trends or patterns in complex data set.
  • Technical experience in at least three of the following areas
    • Windows disk and memory forensics
    • Network Security Monitoring, network traffic analysis, and log analysis
    • Unix or Linux disk and memory forensics
    • Malware triage
    • Applied knowledge in a scripting or development language (e.g. Python)
    • Strong understanding of communication protocols (HTTP, DNS, TCP/UDP) as well as the various techniques utilized by malware within on operating system for persistence and data collection
  • Strong understanding of attacker methodology and methodologies used to hunt for adversarial activity
  • Ability to deliver technical training, advisory, and mentorship on complex topics in a classroom or operational environment

Additional Qualifications:

  • Ability to think critically and properly qualify analytic assessments
  • Ability to recognize and appropriately handle sensitive data
  • Ability to interface and establish rapport with internal operations
  • Ability to work with little direct oversight
  • Ability to document and explain technical details in a concise, understandable manner

Additional Information

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This is a regionally-based role that must be located in Washington DC, Maryland, or Northern Virginia.

Privacy Policy