Post Thu Mar 17, 2011 8:01 pm

Incident Response Specialist

Large consulting firm looking to fill a variety of security positions.  Slots open in most major cities, but prefer NY, Short Hills, Philly, Tyson's Corner, Atlanta, Chicago, Detroit, Houston, Seattle, and San Francisco/Silicon Valley.  The job postings will reflect experienced hires, but I am more than willing to talk to junior folks that have the skills to hit the ground running.

Incident Response Specialist
• Perform incident response activities for clients including alert investigations, triage actions, malware analysis, network and system forensics, and recovery operations
• Track and prioritize a variety of investigative activities from detection through closure within large, complex environments
• Assist clients in improving the capabilities and maturity of their incident response program by identifying appropriate technologies, policies, organizational structures, and relations with third parties
• Assist clients by incorporating the incident response program into a variety of other operational processes such as security monitoring, vulnerability management, incident management, asset management, compliance, audit, and executive reporting
• Facilitate communication and coordination between clients, client internal and external counsel, and law enforcement entities
• When necessary, be able to provide testimony at legal proceedings regarding the outcome of an investigation, and the tools, methodologies, and evidentiary preservations efforts that supported the outcome
• Identify and clearly articulate (written and verbal) findings to senior management, clients, counsel, and law enforcement
• Help identify improvement opportunities for assigned clients
• Supervise and provide engagement management for IT staff working on assigned engagements
• Bachelor’s degree in computer science or related field from an accredited college/university
• 5+ years of information security experience and 2+ years of incident response experience
• Expertise in one of the following and familiarity/experience with the others:
o Network forensics (packet analysis, sniffers, examination of suspect ports and services, etc) and log analysis
 Host and network IDS/IPS platform experience (Sourcefire/snort, Cisco, TippingPoint, Tripwire, Dragon, OSSEC, McAfee HIPS, Symantec Endpoint Protection, etc)
o Malware analysis (file, memory, behavioral) on Windows and Linux systems, experience with mobile devices would be of great benefit
 Understanding of programming languages, assembly, debuggers /compilers /dissemblers to analyze suspect code and bypass obfuscation
 Malware monitoring experience (any SIEM, Mandiant Intelligent Response, NetWitness, Damballa, FireEye, etc.)
 System, file, and memory analysis tools experience (sysinternals suite, foundstone suite, hex editors,VMware, sandboxing, etc)
o System forensics and investigations
 Demonstrate a clear understanding of digital rules of evidence including acquiring forensically sound images, maintaining chain of custody, and the privacy aspects of performing investigations on employee systems
 Forensic tool suites experience (EnCase, Autopsy, FTK, etc)
• Ability to create and maintain relationships with a variety of security teams such as monitoring, fraud, employee investigations, privacy, vulnerability management, and operations
• Experience in developing remediation activities and countermeasures for a variety of incident types
• In-depth knowledge of the incident response and investigation provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, COBIT, NIST SP800-92, NIST SP800-94, NIST SP800-53
• Familiarity of the structure, roles, and responsibilities of incident response teams
• System configuration and security experience with a variety of devices (HP-UX, Linux, Solaris, AIX, firewalls, routers, switches, databases, Active Directory, LDAP, etc.)
• Two or more years of scripting experience with Perl, Python, or Bash
• One or more of the following technical certifications preferred: Certified Ethical Hacker (CEH); GIAC Certified Enterprise Defender (GCED); GIAC Certified Incident Handler (GCIH); GIAC Certified Incident Analyst (GCIA); GIAC Certified Forensic Analyst (GCFA); GIAC Reverse Engineering Malware (GREM); Certified Forensic Computer Examiner (CFCE); or equivalent vendor specific certifications (eg. EnCE)
• In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
• Track record with published content / research work in the information security field
• Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client’s senior management team