Due to the nature of our customers' business, we are seeking a Saudi national for the position of Lead Consultant – FortiGuard Incident Response. This dynamic and exciting role involves reporting to the Director of Operations for FortiGuard Security Consulting Services. The consultant will work directly with members of a world-class incident response and forensics team specializing in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics, and threat actors' TTPs.
In this hands-on, customer-facing role, the consultant’s main objectives will be to lead and manage incident response engagements and train/mentor other security consultants. Utilizing in-depth knowledge of threat actors' tactics, techniques, procedures, and tools—alongside our FortiEDR platform—the consultant will provide situational awareness and guidance to both team members and clients. The role will also involve creating threat research work products, such as blogs and presentations.
Responsibilities:
- Lead incident response engagements and mentor/training junior analysts.
- Focus on process improvement for customer-facing incident response services.
- Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems.
- Review various log sources (firewall, web, database, etc.) to identify malicious activities.
- Leverage the FortiEDR Platform for investigations to detect and analyze security threats.
- Perform basic reverse engineering of threat actors' malicious tools.
- Develop informative reports and presentations for both executive and technical audiences.
- Be available during nights/weekends as needed for incident response engagements.
- Perform memory forensics and file analysis as necessary.
- Monitor underground forums and open-source intelligence outlets to stay updated on actor tactics.
Required Skills:
- Proficiency in at least one scripting language (e.g., Shell, Ruby, Perl, Python).
- Ability to data mine using YARA, RegEx, or other techniques to identify new threats.
- Experience with forensic tools (e.g., EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump) is a plus.
- Knowledgeable in multiple EDR solutions and malware analysis tools (e.g., IDA Pro, OllyDbg, Immunity Debugger).
- Proven experience dealing with APT campaigns and understanding static and dynamic malware analysis techniques.
- Strong knowledge of operating system internals and endpoint security.
- Excellent written and verbal communication skills, capable of engaging both technical and executive personnel.
- Knowledge of Active Directory is a plus.
Education:
- Bachelor’s Degree in Computer Engineering, Computer Science, or a related field, or
- 10+ years of experience in incident response and/or forensics.
Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time
