at Fortinet Inc in Sunnyvale, California, United States
We are looking for a Senior Incident Response Lead Consultant to work in a dynamic and exciting new position reporting to the Practice Director of Digital Forensics and Incident Response. The analyst will work directly with members of a world class incident response and forensics team. Our team is comprised of individuals with strong knowledge in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics and threat actors TTPs. In this very hands-on customer facing role the consultant's main objective is to lead and manage the incident response engagements and train/mentor other security consultants. Leveraging your in-depth understanding of the threat actors' tactics, techniques, procedures and tools as well as our flagship FortiEDR tooling you will need to quickly glean situational awareness to provide guidance to the team members as well as to the client. In addition, from time to time the candidate will help to create threat research work products such as blogs and presentations. To be successful in this role the candidate must be possess strong consulting skills, deep technical skills and able to work under tight timelines.
Lead IR engagements and mentoring/training junior analysis
Continue to focus on process improvement for the customer facing incident response services
Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems
Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity
Leverage our FortiEDR Platform to conduct investigations to rapidly detect and analyze security threats
Preform basic reverse engineering of threat actor's malicious tools
Develop complete and informative reports and presentations for both executive and technical audience
Availability during nights/weekends as needed for IR engagements
Perform memory forensics and file analysis as needed
Monitor underground forums, our FortiGuard Threat Labs, along with other open-source intelligence outlets to maintain proficiency in latest actor tactics and techniques
Experience with of at least one scripting language: Shell, Ruby, Perl, Python, etc
Ability to data mine using YARA, RegEx or other techniques to identify new threats
Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools a plus
Experience with malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger
Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis and malware persistence mechanism
Strong knowledge of operating system internals and endpoint security experience.
Able to communicate with both technical and executive personnel
Static and dynamics malware and log analysis
Excellent written and verbal communication skills a must
Reading and writing skills of non-English languages such as Chinese and Russian a plus
Analysis of Linux and MAC binary files and the understanding of MAC internals is a plus but not required.
Highly motivated, self-driven and able to work both independently and within a team
Able to work under pressure in time critical situations and occasional nights and weekends work
A good understanding of Active Directory a plus
Bachelor's Degree in Computer Engineering, Computer Science or related field
Or 10+ years' experience with incident response and or Forensics
The US base salary range for this full-time position is $160,000-$200,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.
Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.
All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.
EEOC / AAPAccommodation: If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact Fortinet, Inc at (408) 235-7700 of email@example.com for assistance.EEO: All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.