Consultant, DFIR, Reactive Services (Unit 42)

About The Position

Requirements

• 2+ years of incident response or digital forensics experience with a passion for cybersecurity
• Proficient with host-based forensics and data breach response
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, WireShark, TCPDump, and open-source forensic tools
• Ability to grow into a valuable contributor to practice and, specifically have an external presence via public speaking, conferences, and/or publications have credibility, executive presence, and gravitas be able to have a meaningful and rapid delivery contribution have the potential and capacity to understand all aspects of the business and an excellent understanding of PANW products be collaborative and build relationships internally, externally, and across all PANW functions, including the sales team
• Incident Response Consulting is highly preferred
• Bachelor’s Degree in Information Security, Digital Forensics, Cyber Security, Computer Science, related field, or equivalent experience required

Responsibilities

• Perform reactive incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs)
• Examine firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity
• Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Unit 42 investigation tools to determine the source of compromises and malicious activity that occurred in client environments
• Serve an active role on unit 42, incident response engagements - guiding clients through digital forensics investigations, containment of security incidents, and providing guidance on tactical remediation recommendations
• Ability to perform light travel requirements as needed to meet business demands (on average 30%)