Candidates can live anywhere in the continental U.S. Travel requirements: 50 - 70%.
Incident Response is a very dynamic and volatile industry. The Senior Security Consultant - Incident Management will require an extensive understanding of digital investigations and their underlying principles. Applicable fields of digital investigations include computer forensics, network forensics, mobile forensics, e-discovery, malware analysis, and memory analysis, together with a strong understanding of information security principles. Each investigation requires the consultant to be able to perform all phases of the investigation and remediation from start to finish, including providing security recommendations that will effectively mitigate vulnerabilities and prevent future attacks.
In addition to reactive investigations, a Senior Security Consultant / Incident Responder is expected to be able to perform proactive engagements, which include the review and creation of policies, procedures, and incident handling playbooks, as well as performing risk assessments, gap analyses, tabletop exercises, and training of internal or external parties.
PRIMARY DUTIES AND RESPONSIBILITIES
- Perform live incident response (reactive and proactive incident management) related engagements by identifying and remediating malicious applications, including, but not limited to, the following activities:
  - Live incident response, systems triage, containment, and remediation
  - PCI forensic investigations (PFI)
  - Compromise assessment
  - Digital forensics
  - Mobile phone forensics
  - Administrator lockout
  - Malware analysis
  - Network traffic analysis
  - Incident response risk assessments
  - Incident management program development
  - Incident management training
  - Incident management tabletop exercises
  - Live attack simulation
- Perform confidently and authoritatively in the role of incident management subject matter expert and lead customer personnel in responding to fast-paced incidents
- Perform work successfully with little supervisory oversight
- Act as investigative architect and provide internal or external teams with documentation and methodology sufficient to conduct an investigation to successful completion
- Demonstrate ability to invent and successfully utilize new investigative workflows to overcome emerging threats never seen before or to work around problems encountered during engagements
- Remain current on information security and emerging threat trends and tools & methodologies to combat the same
- Guide customers through investigations in compliance with regulatory requirements
- Review security infrastructure and configuration to identify points of vulnerability and suggest recommendations for remediation
- Author white papers, videos, methodologies, and other how-to / training related materials in support of Incident Management tools and methodologies
- Travel as needed to customer locations to perform reactive or proactive engagements, including frequent travel with very short or no advance notice. International travel may also be required
- Adhere to policies, procedures, and security practices
- Resolve problems independently and understand the escalation procedure. Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues
- Take meticulous notes and demonstrate strong reporting capabilities and attention to detail
- Perform public speaking and eminence-related activities
- Develop training content and provide instruction on advanced investigative concepts
- Testify in court cases regarding investigations conducted
- Perform other duties as assigned
The Senior Security Consultant has no direct reports, but will take the lead on investigations at the client site and/or supervise the activities of client security personnel. The Senior Security Consultant will also be the lead FNS investigator on engagements, function as investigative architect, and will lead the onsite response unless higher ranking FishNet Security Incident Management personnel are engaged. The Senior Security Consultant is expected to proactively mentor other members on the team and be a subject matter expert in Incident Management service offerings.
Experience / Education:
- Bachelor’s Degree (B.A.) from four-year college or university in Information Technology, Information Security/Assurance, Digital Forensics, Engineering or related area of study; or 7 or more years related experience and/or training; or equivalent combination of education and experience required.
- Minimum 7 years total information security experience required
- Minimum 5 years of live incident response required
- Minimum 5 years of forensic analysis required
- Minimum 5 years of working with computer hardware required
- Minimum 5 years of network traffic analysis and deep packet inspection required
- Minimum 3 years of malware analysis required
- Minimum 3 years of policy, procedure, and program development required
- Minimum 3 years of systems administration required
- Minimum 3 years of network administration required
- Minimum 3 years of technical consulting required
- Minimum 3 years of software development or scripting experience required
- Expert level experience with a variety of operating systems, including Windows, Linux, or UNIX required.
- Excellent written and verbal communication skills required. Must be able to communicate technical details in a clear, understandable manner.
- Customer focus and a strong commitment to client satisfaction required.
- Demonstrated understanding of Information Security, Networking, and forensics required.
- Demonstrated ability to quickly learn new technology or concepts required.
- Demonstrated outstanding time management, independent work and organizational skills required.
- This position requires the ability to respond onsite in a 24/7/365 environment. Must be willing to work evening, overnight, weekend, and holiday hours as needed.
- Strong interest in technology and a desire to learn and grow in the Networking/Security/digital investigations field is required. Skills and knowledge must be kept current.
- EnCase, FTK, X-Ways, Paraben P2, and/or other experience with similar advanced products required.
- Demonstrated understanding of networking and experience with any of the following deep packet analysis tools: Wireshark, Network Miner, or NetWitness required
- Demonstrated understanding of malware and ability to perform behavioral analysis required
- Demonstrated understanding of threat vectors, the related artifacts they leave behind, and methods of retrieving and interpreting those artifacts
- Security and forensic related certifications strongly preferred.
- Ability to interpret hexadecimal, binary, base64, and other encoding formats into human readable text
FishNet Security is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.