Python Job: Consultant - Incident Response (Remote)

Company

Mandiant
Austria

Location

Remote Position
(From Everywhere/No Office Location)

Job type

Full-Time

Python Job Details

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description


The Mandiant Incident Response team is seeking Senior Consultants with a deep understanding of both existing and emerging threat actors, as well as experience identifying the rapidly changing tools, tactics and procedures of attackers. You must be able to see the big picture, understand evolving attacker behavior and motivations, participate in and manage large client-facing projects, and help to train and mentor other security consultants. The successful candidate will possess sound business acumen, strong consulting skills, and current technical skills in security operations, cyber threat intelligence, and/or incident response. If you are interested in investigating computer crimes and breaches that make the headlines, and many more that don’t, then this opportunity is for you.

What you will do:

  • Conduct host- and network-based forensic investigations
  • Develop custom reports based on data from multiple sources, including Mandiant appliances, threat intelligence, network sensors, and outside intelligence feeds
  • Present technical material in a clear, organized briefing to a mix of technical and non-technical personnel
  • Fully scope and present findings for a broad range of incidents, from nation-state APT to financially motivated cyber-crime incidents
  • Develop, document and manage a containment and remediation strategy for customers
  • Maintain current knowledge of tools and best practices in advanced persistent threats; tools, techniques, and procedures of attackers; and forensics and incident response

Qualifications


Requirements:

  • 5+ years of experience in a network forensics analyst, threat analyst, incident response, security engineer/consultant, or similar role
  • Experience developing and managing incident response programs
  • Understanding of the workings and analysis of TCP/IP network communication protocols
  • Experience conducting analysis of electronic media, packet capture, log data, and network devices in support of intrusion analysis or enterprise-level information security operations
  • Experience with advanced computer exploitation methodologies
  • Ability to integrate data from multiple sources and present concise, relevant information to a non-technical audience
  • Experience with a scripting language such as Perl or Python in an incident handling environment
  • Excellent knowledge of current information security solutions and technologies, including network- and host-based products
  • Native or fluent German language skills, both written and verbal

Desired Qualifications:

  • One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or equivalent experience in these areas
  • Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats
  • Excellent written and verbal communication and presentation skills with the ability to present to a variety of external audiences, including being able to interact with senior executives
  • Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner