Consultant, DFIR, Reactive Services (Unit 42) - Remote

About The Position

Requirements

• 2+ years of incident response or digital forensics experience with a passion for cybersecurity
• Proficient with host-based forensics and data breach response
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, WireShark, TCPDump, and open-source forensic tools
• Ability to grow into a valuable contributor to practice and, specifically
• have an external presence via public speaking, conferences, and/or publications
• have credibility, executive presence, and gravitas
• be able to have a meaningful and rapid delivery contribution
• have the potential and capacity to understand all aspects of the business and an excellent understanding of PANW products
• be collaborative and build relationships internally, externally, and across all PANW functions, including the sales team
• Bachelor’s Degree in Information Security, Digital Forensics, Cyber Security, Computer Science, related field, or equivalent experience required

Nice To Haves

• Incident Response Consulting is highly preferred

Responsibilities

• Perform reactive incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs)
• Examine firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity
• Investigate data breaches leveraging forensics tools including Encase, FTK, X-Ways, SIFT, Splunk, and custom Unit 42 investigation tools to determine the source of compromises and malicious activity that occurred in client environments
• Serve an active role on unit 42, incident response engagements - guiding clients through digital forensics investigations, containment of security incidents, and providing guidance on tactical remediation recommendations
• Ability to perform light travel requirements as needed to meet business demands (on average 30%)