Principal Consultant, Incident Response

Summary

Join Palo Alto Networks' Unit 42 Consulting team as a Principal Consultant and lead client-facing incident response engagements. You will manage and deliver on reactive services, working directly with clients and stakeholders to investigate security incidents and provide remediation guidance. This role requires a weekend work schedule of Friday-Monday. Responsibilities include performing host-based analysis, examining logs, investigating data breaches using various forensic tools, and mentoring team members. The position demands extensive experience in incident response and digital forensics, strong leadership skills, and proficiency with various forensic tools. Travel is required (approximately 20%). Eligibility for UK Security Check (SC) Clearance is mandatory.

Requirements

• 8+ years of incident response or digital forensics consulting experience with a passion for cyber security
• Strong leadership skills including experience managing a team or individuals
• Experience with leading complicated engagements including scoping, interfacing with the client, and have executed on a technical front
• Proficient with host-based forensics and data breach response
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools
• Incident response consulting experience required
• Identified ability to grow into a valuable contributor to the practice and, specifically have an external presence via public speaking, conferences, and/or publications
• Have credibility, executive presence, and gravitas
• Be able to have a meaningful and rapid delivery contribution
• Have the potential and capacity to understand all aspects of the business and an excellent understanding of PANW products
• Be collaborative and able to build relationships internally, externally, and across all PANW functions, including the sales team
• Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field or equivalent military experience required
• Please note that this role requires eligibility for UK Security Check (SC) Clearance. Eligibility includes having spent the last five years in the UK and holding British citizenship

Responsibilities

• Perform reactive incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs)
• Examine firewall, web, database, and other log sources to identify evidence of malicious activity
• Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation tools to determine source of compromises and malicious activity that occurred in client environments
• Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
• Ability to perform travel requirements as needed to meet business demands (on average 20%)
• Mentorship of team members in incident response and forensics best practices

Benefits

• FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees
• Mental and financial health resources
• Personalized learning opportunities