Principal Consultant, DFIR

Summary

Join Palo Alto Networks' Unit 42 Consulting team as a Principal Consultant to lead client-facing incident response engagements. You will manage and deliver on reactive services, working directly with clients and stakeholders. Responsibilities include performing host-based analysis, examining logs, investigating data breaches using various forensic tools, and providing remediation guidance. The role requires strong leadership, experience managing teams, and proficiency in host-based forensics and data breach response. Travel is required (approximately 20%). Mentorship of team members is also expected. This position demands fluency in Spanish and English.

Requirements

• Fluent Spanish and English speaker
• 6+ years of incident response or digital forensics consulting experience with a passion for cyber security
• Strong leadership skills including experience managing a team or individuals
• Experience with leading complicated engagements including scoping, interfacing with the client, and have executed on a technical front
• Proficient with host-based forensics and data breach response
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools
• Incident response consulting experience required
• Identified ability to grow into a valuable contributor to the practice and, specifically have an external presence via public speaking, conferences, and/or publications
• Have credibility, executive presence, and gravitas
• Be able to have a meaningful and rapid delivery contribution
• Have the potential and capacity to understand all aspects of the business and an excellent understanding of PANW products
• Be collaborative and able to build relationships internally, externally, and across all PANW functions, including the sales team
• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field or equivalent military experience required

Responsibilities

• Perform reactive incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs)
• Examine firewall, web, database, and other log sources to identify evidence of malicious activity
• Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation tools to determine source of compromises and malicious activity that occurred in client environments
• Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
• Ability to perform travel requirements as needed to meet business demands (on average 20%)
• Mentorship of team members in incident response and forensics best practices

Benefits

• FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees
• Mental and financial health resources
• Personalized learning opportunities