Senior Incident Response Consultant

Summary

Join Pondurance's Incident Response team as a Senior Incident Response Consultant and help organizations detect and respond to cyber threats. Support the IR lifecycle, analyze intrusions, and assist clients in responding to incidents. Lead technical analysis of IR investigations, communicate effectively with stakeholders, and provide off-hours support. Develop custom scripts and tools to enhance IR processes, and create comprehensive reports for technical and executive audiences. Provide immediate cybersecurity advice to mitigate ongoing attacks and assist with scoping new engagements. This remote position is ideal for candidates in McLean, VA or Indianapolis, IN.

Requirements

• Strong hands-on working knowledge of: Windows OS and networking protocols
• Windows disk and memory forensics
• Unix OS and networking protocol
• Network traffic analysis
• Scripting and/or programming
• Experience with commercial EDR (SentinelOne, Blackberry PROTECT, CarbonBlack, CrowdStrike) and Forensic tool suites (FTK, AXIOM, EnCase)
• Reverse engineering and malware analysis
• Significant experience in a forensic and incident response role
• Demonstrated experience using analytical skills in a cybersecurity environment to triage and detect events transpired and deal with Ransomware forensic investigations
• Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats
• Experience in a technical role for a consulting company

Responsibilities

• Conduct forensic host, network, and application technical investigations
• Triage active high-stakes security events, including reviewing and applying security controls to detect, respond, prevent and remediate threats
• Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
• Develop custom scripts, tools, or methodologies to enhance our IR processes
• Develop comprehensive and accurate reports of forensic findings and IR activities for both technical and executive audiences
• Effectively communicate investigative findings and strategy to various client stakeholders
• Provide clients with immediate actionable 0-day cybersecurity advice to stop and mitigate the damage of ongoing attacks
• Assist with the scoping of new engagements using a whole lifecycle approach, guiding the client from initial discovery through mitigation and remediation

Preferred Qualifications

One or more of the following technical certifications preferred: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), MCFE, EnCE or equivalent certifications

Benefits

• Medical, dental, vision, disability, FSA, HSA, life and AD&D insurance, 401(k) Plan
• PTO, sick, holiday, & parental leave details are available
• We provide competitive compensation packages based on the market and your overall credentials