09 Jun
DCO/IR Consultant (TS/SCI)
Fort Gordon, Georgia, USA

Vacancy expired!

Job Description

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that FireEye knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guard nation-state secrets, and defend critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. FireEye Mandiant isn't just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

The Mandiant Consulting team is seeking a Senior DCO Analyst / Incident Response Consultant with strong technical skills and an ability to lead and transform defensive cyberspace operations (DCO). The successful candidate will have a proven record of identifying and tracking cyber threats, and a technical understanding of the tools, techniques, and procedures used by threat actors. The candidate will apply forensics, log analysis, and malware triage skills to hunt for and respond to complex threat activity and intrusions and apply expertise in a mentorship fashion. The candidate will also help develop innovative tools to assist responders and automate malware analysis and reverse engineering efforts.

The Senior DCO Analyst / Incident Response Consultant is expected to work with minimal guidance against a broad set of objectives and to handle a variety of complex assignments and situations. Within established priorities and deadlines, the successful candidate will exercise independent judgment in selecting and applying appropriate methods, procedures, techniques, and practices.

Our consultants must be comfortable working in teams or individually to tackle challenging projects, communicating with clients, and creating and presenting high-quality deliverables. We encourage giving back to the community and strongly support sharing of expertise by authoring whitepapers and speaking at conferences.

Responsibilities:

  • Perform proactive threat hunting and work across teams to cut through the noise to identify unique threats and campaigns. Leverage disparate sources of information, such as internal reporting and alert data, in support of these activities.
  • Automate tracking and discovery of threats leveraging internal and external data sources
  • Conduct host and network forensics, log analysis, and malware triage in support of network hunt or incident response investigations
  • Research and develop methods of tracking and detecting malicious activity within a network
  • Correlate data collected during hunt or incident response engagements against FireEye’s intelligence repository
  • Correlate collected intelligence with malware research to build upon a larger knowledgebase of tracked threat activity
  • Maintain awareness of the current threat environment and the possible impact of newly discovered vulnerabilities and exploits. Cultivate current knowledge of tools and best practices in advanced persistent threats; the tools, techniques, and procedures of attackers; and forensics and incident response best practices.
  • Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigation.
  • Develop scripts, tools, or methodologies to enhance the incident investigation process
  • Develop, document, and manage a mitigation strategy for identified threats
  • Develop and deliver comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Work with key stakeholders to implement remediation plans in response to incidents
  • Provide training and mentorship, present to small groups, and speak in public in venues such as conferences

Qualifications

  • Top Secret/SCI clearance required, with the ability to obtain a polygraph in the future.
  • Bachelor’s degree with 10 years of demonstrated technical experience; Master’s degree with 8 years of demonstrated technical experience; 16 years of demonstrated technical experience can be substituted in lieu of a degree.
  • DoD 8570 IAT Level II certification is required
  • Experience identifying, analyzing and interpreting trends or patterns in complex data sets
  • Applied knowledge in a scripting or development language (e.g. Python)
  • Strong understanding of communication protocols (HTTP, DNS, TCP/UDP) as well as the various techniques used by malware within an operating system for persistence and data collection
  • Proficiency with network security monitoring and network traffic analysis
  • Proficiency with network and endpoint forensics using live response methods
  • Proficiency with malware triage using static and dynamic techniques
  • Strong understanding of the incident response process
  • Demonstrated ability to make decisions on remediation and counter measures design for challenging information security threats.
  • Strong understanding of attacker methodology and methodologies used to hunt for adversarial activity
  • Capable of identifying host and network indicators for use with network hunt and incident response activities.
  • Familiarity with Snort, YARA, and OpenIOC signature formats
  • Ability to deliver technical training, advisory, and mentorship on complex topics in a classroom or operational environment

Additional Qualifications:

  • GIAC GCIA, GIAC GCIH, DoD 8570 CSSP Analyst, and/or DoD 8570 CSSP Incident Responder certifications desired.
  • Ability to think critically and properly qualify analytic assessments
  • Ability to recognize and appropriately handle sensitive data
  • Ability to interface and establish rapport with internal operations teams
  • Ability to work with little direct oversight
  • Ability to document and explain technical details in a concise, understandable manner
  • Ability to lead teams of technically skilled experts

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to [emailprotected]
