Principal Consultant, Cloud DFIR

Summary

Join Palo Alto Networks® as a Principal Consultant and lead client-facing engagements focused on reactive services. You will work directly with customers and stakeholders to address security priorities in cloud platforms (Azure, AWS, GCP) and related applications. This role involves performing incident response in public cloud environments, investigating data breaches, and providing remediation recommendations. You will need 6+ years of incident response or digital forensics consulting experience and 3+ years in a cloud environment. The position requires strong leadership skills and the ability to manage engagements. Travel is required (approximately 20%). Mentorship of team members is also a key responsibility.

Requirements

• 6+ years of incident response or digital forensics consulting experience with a passion for cyber security
• 3+ years in a cloud environment as an administrator, security operator, or consultant- DevOps experience welcome
• Hands-on experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments
• Understand and demonstrate best practices for architecting and operating in a cloud environment
• Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches
• Strong leadership skills including experience managing a team or individuals
• Experience with leading complicated engagements including scoping, interfacing with the client, and have executed on a technical front

Responsibilities

• Perform reactive incident response functions in public cloud environments, primarily Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and AliCloud
• Examine compute, storage, IAM, network traffic, serverless, and other log sources to identify evidence of malicious activity
• Investigate data breaches leveraging traditional forensic tools, cloud-specific tools, and custom Unit 42 techniques to determine the source of compromises and malicious activity that occurred in client environments
• Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
• Ability to perform travel requirements as needed to meet business demands (on average 20%)
• Mentorship of team members in incident response and forensics best practices

Benefits

• Restricted stock units
• A bonus