Author Topic: Incident Response Specialist  (Read 3361 times)
pseud0 (Recruiters, Full Member)
« on: March 17, 2011, 08:01:25 PM »

Large consulting firm looking to fill a variety of security positions.  Slots open in most major cities, but prefer NY, Short Hills, Philly, Tyson's Corner, Atlanta, Chicago, Detroit, Houston, Seattle, and San Francisco/Silicon Valley.  The job postings will reflect experienced hires, but I am more than willing to talk to junior folks that have the skills to hit the ground running.


Incident Response Specialist

Responsibilities:
•   Perform incident response activities for clients including alert investigations, triage actions, malware analysis, network and system forensics, and recovery operations
•   Track and prioritize a variety of investigative activities from detection through closure within large, complex environments
•   Assist clients in improving the capabilities and maturity of their incident response program by identifying appropriate technologies, policies, organizational structures, and relations with third parties
•   Assist clients by incorporating the incident response program into a variety of other operational processes such as security monitoring, vulnerability management, incident management, asset management, compliance, audit, and executive reporting
•   Facilitate communication and coordination between clients, client internal and external counsel, and law enforcement entities
•   When necessary, be able to provide testimony at legal proceedings regarding the outcome of an investigation, and the tools, methodologies, and evidentiary preservation efforts that supported the outcome
•   Identify and clearly articulate (written and verbal) findings to senior management, clients, counsel, and law enforcement
•   Help identify improvement opportunities for assigned clients
•   Supervise and provide engagement management for IT staff working on assigned engagements

Qualifications:
•   Bachelor's degree in computer science or related field from an accredited college/university
•   5+ years of information security experience and 2+ years of incident response experience
•   Expertise in one of the following and familiarity/experience with the others:
    o   Network forensics (packet analysis, sniffers, examination of suspect ports and services, etc.) and log analysis
        -   Host and network IDS/IPS platform experience (Sourcefire/Snort, Cisco, TippingPoint, Tripwire, Dragon, OSSEC, McAfee HIPS, Symantec Endpoint Protection, etc.)
    o   Malware analysis (file, memory, behavioral) on Windows and Linux systems; experience with mobile devices would be of great benefit
        -   Understanding of programming languages, assembly, debuggers/compilers/disassemblers to analyze suspect code and bypass obfuscation
        -   Malware monitoring experience (any SIEM, Mandiant Intelligent Response, NetWitness, Damballa, FireEye, etc.)
        -   System, file, and memory analysis tools experience (Sysinternals suite, Foundstone suite, hex editors, VMware, sandboxing, etc.)
    o   System forensics and investigations
        -   Demonstrate a clear understanding of digital rules of evidence including acquiring forensically sound images, maintaining chain of custody, and the privacy aspects of performing investigations on employee systems
        -   Forensic tool suites experience (EnCase, Autopsy, FTK, etc.)
•   Ability to create and maintain relationships with a variety of security teams such as monitoring, fraud, employee investigations, privacy, vulnerability management, and operations
•   Experience in developing remediation activities and countermeasures for a variety of incident types
•   In-depth knowledge of the incident response and investigation provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, COBIT, NIST SP800-92, NIST SP800-94, NIST SP800-53
•   Familiarity with the structure, roles, and responsibilities of incident response teams
•   System configuration and security experience with a variety of devices (HP-UX, Linux, Solaris, AIX, firewalls, routers, switches, databases, Active Directory, LDAP, etc.)
•   Two or more years of scripting experience with Perl, Python, or Bash
•   One or more of the following technical certifications preferred: Certified Ethical Hacker (CEH); GIAC Certified Enterprise Defender (GCED); GIAC Certified Incident Handler (GCIH); GIAC Certified Incident Analyst (GCIA); GIAC Certified Forensic Analyst (GCFA); GIAC Reverse Engineering Malware (GREM); Certified Forensic Computer Examiner (CFCE); or equivalent vendor-specific certifications (e.g. EnCE)
•   In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professional® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
•   Track record with published content / research work in the information security field
•   Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management team
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
© 2013 The Ethical Hacker Network