Senior Consultant - DFIR, Unit 42
Palo Alto Networks
At Palo Alto Networks®, everything starts and ends with our mission: Being the cybersecurity partner of choice, protecting our digital way of life. We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.
We’re changing the nature of work. Palo Alto Networks is evolving to meet the needs of our employees now and in the future through FLEXWORK, our approach to how we work. From benefits to learning, location to leadership, we’ve rethought and recreated every aspect of the employee experience at Palo Alto Networks. And because it FLEXes around each individual employee based on their individual choices, employees are empowered to push boundaries and help us all evolve, together.
As a Senior Consultant in Unit 42 you will have the opportunity to work across a number of cyber security domains including Digital Forensics and Incident Response (DFIR), Offensive and Defensive Security. We are seeking an individual who is dedicated to delivering highly technical consulting services to an exceptional standard, thrives in a fast paced team environment, and advocates for innovative approaches to deliver the best outcomes for our cross-sector clients.
- Perform reactive incident response functions including but not limited to:
  - Host-based analysis of Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs)
  - Examining firewall, web, database, and other log sources to identify evidence and artefacts of malicious and compromised activity
  - Investigating data breaches leveraging forensic tools including EnCase, FTK, X-Ways, SIFT, Splunk, and custom Unit 42 investigation tools to determine the source of compromises and malicious activity that occurred in client environments
  - Supported by senior team members, undertaking incident response engagements to guide clients through forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations
- Provide mentorship of Incident Response Consultants in incident response and forensics best practices
- Working with practice leads to scope, schedule and deliver engagements end-to-end
- Generate reports that clearly communicate investigation and assessment details, results, and remediation recommendations to clients.
- Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach.
- Contributing alongside practice leads to the continuous improvement and innovation of our services based on key drivers such as evolving technology, threat landscape, regulatory requirements, lessons learned, industry standards and client requirements.
- Assist in the development of, and ongoing maintenance of internal infrastructure for research, development, and security testing.
- Ability to become proficient in at least two Palo Alto Networks products, including developing a deeper understanding of how our products integrate into an organisation's cyber security program and can be leveraged to produce data-driven insights.
- Ability to perform travel requirements as needed to meet business demands.
- 4+ years of professional experience with leading industry tools and technologies for performing DFIR (digital forensics & incident response) investigations, and ideally additional experience in either Offensive (penetration testing, red/purple teaming, attack surface assessments) or Defensive Security (security operations (SOC), compromise assessments, threat hunting, blue teaming) engagements.
- Proficient with host-based forensics and data breach response
- Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, WireShark, TCPDump, and open source forensic tools
- Solid understanding of the cyber threat landscape, and an ability to apply threat-led approaches to security engagements.
- Identified ability to grow into a valuable contributor to the practice and, specifically:
  - be collaborative and able to build relationships internally, externally, and across all PANW functions, including the sales team
  - have the potential and capacity to understand aspects of the business and develop a thorough understanding of PANW products over time
  - have, or desire to grow, an external presence via public speaking, conferences, and/or publications
  - ability to build credibility, executive presence, and gravitas
  - be able to make a meaningful and rapid delivery contribution
Desired but not essential
- 3+ years experience in client-facing consulting roles.
- Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or equivalent years of professional experience to meet job requirements and expectations.
- Professional industry certifications such as:
  - GIAC Certified Forensic Analyst (GCFA), GIAC Incident Handler (GCIH)
  - GIAC Penetration Tester (GPEN), Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Certified Red Team Professional (CRTP)
  - GIAC Defensible Security Architect (GDSA), GIAC Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON)
  - CISSP, CISM
- Understanding of cyber risk frameworks or industry standards such as NIST CSF and 800-53, ISO 27001/2, PCI, CIS Top 20, CMMC.
Offensive Security Skills (desired)
- Experience in performing penetration testing to find vulnerabilities or weaknesses (in network, cloud, applications, code, wireless) that might be exploited by a malicious party, using open-source, custom, and commercial testing tools, i.e. knowledge and/or experience with security assessment tools including Nessus, OpenVAS, MobSF, Metasploit, Burp Suite Pro, Cobalt Strike, BloodHound, and Empire, as well as OWASP and MITRE ATT&CK.
- Experience with scripting, editing existing code, and programming using one or more of the following: Perl, Python, Ruby, Bash, C/C++, C#, or Java
Defensive Security Skills (desired)
- Experience in security operations design, engineering and/or analysis and investigations, ideally in complex environments, with security event correlations across a variety of sources i.e. cloud, network, endpoint, logs.
- Ability to perform detailed assessments, identify areas for material improvement and make recommendations to transform an organisation's cyber security operations and capabilities to better protect against, detect and rapidly respond to modern threats.
- Demonstrated experience in improving an organisation's security operations capabilities, such as improvements in asset visibility, threat detection capabilities, automation techniques, case management, and enablement of compliance and regulatory requirements
- Experience in conducting threat hunting and/or compromise assessments to identify active or dormant indicators of compromise (IoCs) or evidence of unknown threats within an organisation's digital environment
Unit 42 Consulting is Palo Alto Networks' security advisory team. Our vision is to create a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services to clients of all sizes. Our team is composed of recognized experts and incident responders with deep technical expertise and experience in investigations, data breach response, digital forensics, and information security. With a highly successful track record of delivering mission-critical cybersecurity solutions, we are experienced in working quickly to provide effective incident response, attack readiness, and remediation plans with a focus on providing long-term support to improve our clients’ security posture.
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at firstname.lastname@example.org.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.