Listing Description
Position Title: Senior Incident Response & Malware Analysis Consultant (Top Secret Clearance)
Location: Washington, DC
The Company:
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 5,300 customers across 67 countries, including more than 825 of the Forbes Global 2000.
The Role:
The Mandiant Consulting team is seeking a passionate and highly skilled Incident Response Consultant to support a critical customer mission! The Incident Response Consultant will sustain the FireEye platform(s) and provide ongoing breach detection, incident response, forensic examination, malware analysis and remediation services to a strategic customer.
If you are fanatical about security, will do whatever it takes to keep the bad guys out, enjoy hunting for attackers and thrive on responding to security incidents, we want to hear from you!
Responsibilities:
Perform hunting activities to search the network for indicators of compromise
Perform advanced code analysis of malicious code detected on the network
Provide advanced traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends and patterns
Perform live response data collection and analysis on hosts of interest in an investigation
Correlate and analyze relevant events from host and network device log files
Perform incident response and malware analysis to investigate incidents and potential indicators of compromise
Help determine the extent of the compromise, attributes of any malware and possible data exfiltrated
Perform complex scripting (Shell, Perl, Python or other language) to repurpose the results and automate artifact collection
Research and incorporate relevant threat intelligence during the investigation and in written and verbal reports
Develop, document and manage containment strategy
Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; and forensics and incident response
Advance intrusion detection capabilities through the build, test, and deployment of customized IDS signatures
Represent the client on working groups, task forces, and committees and provide relevant information in support of national objectives
Assist in the deployment of endpoint security devices and provide ongoing support
Search for known indicators of compromise related to specific threats or incidents identified
Requirements:
Must hold an active Top Secret clearance
Four or more years’ experience in a hands-on technical role of network forensic analyst, malware analyst, incident responder or similar
One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or similar
Expertise in analysis of TCP/IP network communication protocols
Experience with and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
Experience with a programming/scripting language such as Python, Perl or similar in an incident handling environment
Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats
Excellent communication and presentation skills with the ability to present to a variety of external audiences, including senior executives
Excellent written communication skills
Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner, as well as to set and manage expectations with senior stakeholders and team members
Additional Qualifications:
Experience with FireEye and Mandiant products, especially Mandiant for Intelligent Response (MIR), highly preferred
Experience with malware analysis and reverse engineering preferred
FireEye is an Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Listing Details
- Salary: $130,000 - $150,000
- Citizenship: Top Secret
- Incentives: Both
- Education: Bachelor's Degree
- Travel: No Travel
- Telework: No Telecommute