Lead Incident Response Consultant Fortinet

Responsibilities:

• Lead IR engagements and mentoring/training junior analysts
• Serve as the primary contact for clients during investigations, delivering clear technical and executive-level updates.

• Continue to focus on process improvement for the customer facing incident response services

• Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems

• Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity

• Leverage our FortiEDR Platform to conduct investigations to rapidly detect and analyze security threats

• Perform memory forensics and file analysis as needed

• Contribute to threat intelligence consumption and generation within the FortiGuard threat intelligence ecosystem.

• Perform basic reverse engineering of threat actors malicious tools

• Develop complete and informative reports and presentations for both executive and technical audience

• Availability during nights/weekends as needed for IR engagements

Required Skills:

• Excellent written and verbal communication skills

• Experience interfacing with customers

• Experience with of at least one scripting language: Shell, Ruby, Perl, Python, etc
• Ability to data mine using YARA, RegEx or other techniques to identify new threats

• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools a plus

• Experience with malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger
• Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis and malware persistence mechanism
• Strong knowledge of operating system internals and endpoint security experience.
• Able to communicate with both technical and executive personnel
• Static and dynamics malware and log analysis
• Analysis of Linux and MAC binary files and the understanding of MAC internals is a plus but not required.
• Highly motivated, self-driven and able to work both independently and within a team
• Able to work under pressure in time critical situations and occasional nights and weekends work

• A solid understanding of Active Directory and how to secure is a plus

Education:

• Bachelor s Degree in Computer Engineering, Computer Science or related field
• Or 10+ years experience with incident response and or Forensics