Principal Consultant, DFIR, Reactive Services

Summary

Join Palo Alto Networks as a Principal Consultant and lead client-facing incident response engagements. You will manage and deliver on reactive services, working directly with clients and stakeholders to investigate security incidents and provide remediation guidance. Responsibilities include performing host-based analysis, examining various log sources, investigating data breaches using forensic tools, and mentoring team members. This role requires 6+ years of incident response or digital forensics consulting experience, strong leadership skills, proficiency in host-based forensics, and experience with various forensic tools. The position involves approximately 20% travel. A Bachelor's degree in a related field is required. Compensation includes a base salary between $151,000 and $208,000, restricted stock units, and a bonus.

Requirements

• 6+ years of incident response or digital forensics consulting experience with a passion for cyber security
• Strong leadership skills including experience managing a team or individuals
• Experience with leading complicated engagements including scoping, interfacing with the client, and have executed on a technical front
• Proficient with host-based forensics and data breach response
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools
• Incident response consulting experience required
• Ability to perform travel requirements as needed to meet business demands (on average 20%)
• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field

Responsibilities

• Perform reactive incident response functions including but not limited to: host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs)
• Examine firewall, web, database, and other log sources to identify evidence of malicious activity
• Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and other investigation tools to determine source of compromises and malicious activity that occurred in client environments
• Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
• Ability to perform travel requirements as needed to meet business demands (on average 20%)
• Mentorship of team members in incident response and forensics best practices

Preferred Qualifications

• Have an external presence via public speaking, conferences, and/or publications
• Have credibility, executive presence, and gravitas
• Be able to have a meaningful and rapid delivery contribution
• Have the potential and capacity to understand all aspects of the business and an excellent understanding of PANW products
• Be collaborative and able to build relationships internally, externally, and across all PANW functions, including the sales team

Benefits

The offered compensation may also include restricted stock units and a bonus