Senior Incident Response Consultant

Summary

Join Pondurance's Incident Response team as a Senior Incident Response Consultant and contribute to a safer digital world. You will support the IR lifecycle, analyze intrusions, and respond to client incidents. This remote role requires strong technical skills in forensic investigations, network analysis, and scripting. You will communicate findings to clients and contribute to enhanced detection capabilities. The ideal candidate possesses relevant certifications and experience in a consulting environment. Pondurance offers competitive compensation, benefits including health insurance, paid time off, and a supportive work culture.

Requirements

• Strong hands-on working knowledge of: Windows OS and networking protocols
• Windows disk and memory forensics
• Unix OS and networking protocol
• Network traffic analysis
• Scripting and/or programming
• Experience with commercial EDR (SentinelOne, Blackberry PROTECT, CarbonBlack, CrowdStrike) and Forensic tool suites (FTK, AXIOM, EnCase)
• Reverse engineering and malware analysis
• Significant experience in a forensic and incident response role
• Demonstrated experience using analytical skills in a cybersecurity environment to triage and detect events transpired and deal with Ransomware forensic investigations
• Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats
• Experience in a technical role for a consulting company

Responsibilities

• Conduct forensic host, network, and application technical investigations
• Triage active high-stakes security events, including reviewing and applying security controls to detect, respond, prevent and remediate threats
• Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
• Develop custom scripts, tools, or methodologies to enhance our IR processes
• Develop comprehensive and accurate reports of forensic findings and IR activities for both technical and executive audiences
• Effectively communicate investigative findings and strategy to various client stakeholders
• Provide clients with immediate actionable 0-day cybersecurity advice to stop and mitigate the damage of ongoing attacks
• Assist with the scoping of new engagements using a whole lifecycle approach, guiding the client from initial discovery through mitigation and remediation

Preferred Qualifications

One or more of the following technical certifications preferred: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), MCFE, EnCE or equivalent certifications

Benefits

• Medical, dental, vision, disability, FSA, HSA, life and AD&D insurance, 401(k) Plan
• Time off: PTO, sick, holiday, & parental leave details are available
• Money: We provide competitive compensation packages based on the market and your overall credentials
• Although this is a remote role, if you live close by, you’ll have access to our office locations: McLean, VA or Indianapolis, IN