Incident Response Consultant (remote)

Sydney, Australia

Applications have closed

Mandiant

Threat Intelligence Solutions. Mandiant is recognized as the leader in threat intelligence with expertise gained on the frontlines of cyber security.


Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

The Mandiant Incident Response team is seeking a Consultant to join our industry leading IR team in Australia, providing incident response, threat analysis and incident management services for our clients.

In this role, you will use your incident response skills to help investigate and contain security breaches, proactively hunt for threat actors in client environments, and work with our clients to develop incident response and threat management processes. You will also brief senior executives on threats in their environment and their industry, based on Mandiant’s wealth of threat intelligence.

The successful candidate will possess strong communication skills and current technical skills, be adept at engaging with clients under tight deadlines, and demonstrate a strong desire for ongoing learning.

If you are interested in investigating computer crimes and breaches that make the headlines – and many more that don’t – then this opportunity is for you.

What You Will Do:

  • Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations
  • Present technical material in a clear, organized briefing to a mix of technical and non-technical personnel
  • Utilize Mandiant technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence
  • Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Build scripts, tools, or methodologies to enhance Mandiant’s incident investigation processes
  • Develop and present comprehensive and accurate reports, training and presentations for both technical and executive audiences
  • Work with clients’ security and IT operations teams to develop and implement remediation plans in response to incidents
  • Maintain current knowledge of threat actor tactics, techniques and procedures
  • Maintain current knowledge of forensics and incident response tools, methodologies and best practices

Qualifications

  • 3+ years of comparable experience in incident response, security operations, or similar
  • Able to effectively communicate investigative findings, processes and remediation actions to technical staff, executive leadership, legal counsel, and internal and external clients
  • Experience with at least three of the following:
    • Windows disk and memory forensics
    • Network Security Monitoring (NSM), network traffic analysis, and log analysis
    • Unix or Linux disk and memory forensics
    • Static and dynamic malware analysis
    • Forensics and log analysis in major cloud platforms (GCP/Azure/AWS)
  • Experience and understanding of enterprise security controls in Active Directory/Windows environments
  • Experience building scripts, tools, or methodologies to enhance investigation processes
  • Must be able to work in Australia without sponsorship

Desired Qualifications:

  • Able to obtain and hold a security clearance
  • Able to travel up to 20%
  • Effectively develop documentation and explain technical details in a concise, understandable manner
  • Strong time management skills to balance time among multiple tasks
  • One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or equivalent certifications in these areas


Additional Information

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Regions: Remote/Anywhere Asia/Pacific
Country: Australia