Lead Consultant - FortiGuard Incident Response

About the Job:
We are looking for a Lead Consultant – Incident Response to work in a dynamic and exciting new position reporting to the Director of Operations for Security Consulting Services. The analyst will work directly with members of a world-class incident response and forensics team. Our team is comprised of individuals with strong knowledge in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics, and threat actors’ TTPs.
In this very hands-on customer-facing role, the consultant’s main objective is to lead and manage the incident response engagements and train/mentor other security consultants. Leveraging your in-depth understanding of the threat actors’ tactics, techniques, procedures, and tools, as well as our flagship tooling, you will need to quickly glean situational awareness to provide guidance to team members and clients. Additionally, from time to time, the candidate will help create threat research work products such as blogs and presentations.

Responsibilities:

• Lead incident response engagements and mentor/training junior analysts.
• Serve as the primary contact for clients during investigations, delivering clear technical and executive-level updates.
• Focus on process improvement for customer-facing incident response services.
• Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems.
• Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
• Leverage the Platform to conduct investigations to rapidly detect and analyze security threats.
• Perform memory forensics and file analysis as needed.
• Contribute to threat intelligence consumption and generation within the threat intelligence ecosystem.
• Perform basic reverse engineering of threat actors’ malicious tools.
• Develop complete and informative reports and presentations for both executive and technical audiences.
• Availability during nights/weekends as needed for incident response engagements.

Required Skills:

• Excellent written and verbal communication skills.
• Experience interfacing with customers.
• Experience with at least one scripting language: Shell, Ruby, Perl, Python, etc.
• Ability to data mine using YARA, RegEx, or other techniques to identify new threats.
• Experience with forensic tools such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, and TCPDump.
• Familiarity with malware analysis tools such as IDA Pro, OllyDbg, or Immunity Debugger.
• Hands-on experience dealing with APT campaigns, attack Tactics, Techniques, and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis, and malware persistence mechanisms.
• Strong knowledge of operating system internals and endpoint security experience.
• Able to communicate with both technical and executive personnel.
• Experience with static and dynamic malware and log analysis.
• Knowledge of Linux and MAC binary files; understanding of MAC internals is a plus but not required.
• Highly motivated, self-driven, and able to work independently and within a team.
• Able to work under pressure in time-critical situations and occasional nights and weekends.
• A solid understanding of Active Directory and how to secure it is a plus.

Education:

• Bachelor’s Degree in Computer Engineering, Computer Science, or a related field, or 10+ years’ experience in incident response and/or forensics.

Location:
Saudi Arabia (On-site)
Employment Type:
Full-time