Senior/Principal Incident Response Consultant - Weekend Shift (Remote, US)
- Alexandria, VA
- Employees can work remotely
The Mandiant Incident Response team is seeking a strong technical consultants to manage large, client-facing projects and train/mentor other security consultants. In this role, you will use your deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers. You must be able to see the big picture, understanding evolving attacker behavior and motivations, participate and manage large client-facing projects, and help to train/mentor other security consultants. The successful candidate will possess sound business acumen, strong consulting skills, current technical skills and be adept in leading multiple projects under tight deadlines. If you are interested in investigating computer crimes and breaches that make the headlines – and many more that don’t, then this opportunity is for you. This is a weekend-shift role with no travel requirement. Candidates will be fully remote and must work from Friday - Monday.
What You Will Do:
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations
- Utilize Mandiant and FireEye technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
- Build scripts, tools, or methodologies to enhance Mandiant’s incident investigation processes
- Develop and present comprehensive and accurate reports, trainings and presentations for both technical and executive audiences
- Work with clients security and IT operations teams to implement remediation plans in response to incidents
- 5+ years of experience in incident response, security operations, consulting or similar
- Experience with at least three of the following:
- Windows disk and memory forensics
- Network Security Monitoring (NSM), network traffic analysis, and log analysis
- Unix or Linux disk and memory forensics
- Static and dynamic malware analysis
- Experience and understanding of enterprise security controls in Active Directory/Windows environments
- Experience building scripts, tools, or methodologies to enhance investigation processes
- Experience leading external client engagements
- Must be able to work in the US without sponsorship
- Weekend Schedule: Friday - Monday
- Effectively communicating investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clients
- Effectively develop documentation and explain technical details in a concise, understandable manner
- Strong time management skills to balance time among multiple tasks, and lead junior staff when required
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Minimum Salary: $130,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations.
Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from FireEye’s Compensation Committee, and vesting terms
Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, FireEye also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. FireEye also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.
*Disclosure as required by sb19-085 (8-5-20)