Cybersecurity Incident Response Consultant

Key Role:

Serve as a technical leader within a diverse team of analysts conducting event detection, incident triage, incident handling, and remediation activities as part of an incident response team. Handle major high impact incidents, generate clear, concise recommendations, and coordinate activities and professional communications across a range of stakeholders. Work closely with client security teams to develop, tune, automate, and enhance network and host-based security devices and support the incident response fly away team with managing the response to client cyber intrusions, performing extensive network and host triage, maintaining strict chain-of-custody, developing documentation and reports, and performing remediation, as required.

Basic Qualifications:

- Experience with the use of Microsoft Office Suite, including Word, Excel, and PowerPoint

- Knowledge of incident management and response activities across the incident life cycle

- Knowledge of security tools and techniques used by Cybersecurity teams

- Ability to work independently and handle multiple tasks concurrently

- Ability to think of technical obstacles and challenges in the broader business context

- Ability to travel up to 80% and often on short notice

- Ability to obtain a security clearance

- HS diploma or GED

Additional Qualifications:

- Experience with performing host and network forensics analysis, including using timestamps across different log types to develop authoritative timelines of activity to find evidence of malicious activity

- Experience with performing anomaly or malware hunts using a common framework and standard methodology, including the MITRE ATT&CK framework

- Experience with conducting digital memory acquisition using Volatility, Rekall, or similar tools and extracting malicious binaries for analysis

- Experience with setting up and using isolated machines or environments for malware detonation and indicator of compromise identification

- Experience with performing static code analysis, including dissecting suspicious subroutines in assembly

- Experience with common scripting languages, including Perl or Python, in the context of incident response and security operations

- Ability to configure and execute sweep parameters using tools that include GRR Rapid Response

- Possession of excellent oral and written communication skills, including adapting style and messaging to effectively communicate with professionals at all levels

- Top Secret clearance preferred

- BA or BS degree and 5 years of experience in a related field

- One or more of the following certifications: GIAC Certified Incident Analyst (GCIA), Certified Computer Security Incident Handler (CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), CREST Certified Incident Manager, or CREST Certified Network Intrusion Analyst

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.