Description:
This role is client-facing and requires the Principal Consultant to lead and produce deliverables for reactive-services client engagements. The Principal Consultant will work directly with multiple customers and key stakeholders (Admins, C-Suite, etc.) to manage incident response engagements and provide guidance on longer-term remediation. Furthermore, the Principal Consultant will act as a mentor and go-to person to build up and strengthen our DFIR Service. Speaking at conferences, taking part in panels, or representing Unit42 in other ways are also part of the role.
Your Impact As a Principal Consultant
- Perform and lead reactive incident response functions, including but not limited to host-based analysis: investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
- Examine log sources such as cloud providers' native platform logs (Microsoft M365, Microsoft Azure, Google Cloud, Google Workspace, and AWS).
- Investigate cloud security incidents using one or more of the following: Palo Alto Networks Prisma Cloud, Microsoft Defender, AWS GuardDuty, AWS CloudTrail, AWS CloudWatch.
- Investigate data breaches leveraging forensic tools including EnCase, FTK, X-Ways, SIFT, Splunk, and custom Palo Alto Networks investigation tools to determine the source of compromises and the malicious activity that occurred in client environments.
- Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations.
- Travel as needed to meet business demands (on average 20%).
- Mentor team members in incident response and forensics best practices.
Qualifications
Your experience
- 6+ years of incident response or digital forensics consulting experience with a passion for cyber security
- Strong leadership skills including experience managing a team or individuals
- Experience leading complex engagements, including scoping, interfacing with the client, and executing on the technical front
- Proficient with host-based forensics, cloud-based forensics and data breach response.
- Proficient with querying data sources such as logging platforms and databases (e.g. SQL, Splunk, Log Analytics Workspaces, XSIAM/XDR)
- Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open-source forensic tools.
- Cloud consulting and/or cloud incident response experience required.
- Incident response consulting experience required
- Bachelor’s Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field