Incident Response & Strategic Consultant
Primary Location: Remote Canada
Date posted: 01/07/2021
Job Title: Incident Response & Strategic Consultant
Remote United States
Role Overview: The McAfee Advanced Cyber Threat Services (McAfee ACTS, formerly Foundstone) team is looking for a technical, passionate, pragmatic information security professional with Emergency Incident Response/Cybersecurity experience to report to the Director of Professional Services. You will be part of our Emergency Incident Response team. You must be a strong leader/senior, with excellent people and management skills and the ability to take ownership of assignments and execute with speed and accuracy. You also need to be able to work beyond normal business hours and be willing to travel locally and/or internationally, if needed.
From device to cloud, McAfee provides market-leading cybersecurity solutions for both businesses and consumers. We help businesses orchestrate cyber environments that are truly integrated, where protection, detection, and correction of security threats happen simultaneously. For consumers, McAfee secures your devices against viruses, malware, and other threats, both at home and away. We want to continue to shape the future of cybersecurity by working together to build best-in-class products and solutions.
- You will be experienced in managing large and complex client environments and meet their business requirements by evaluating their security controls, architecture and operations against industry best practices
- Assess and develop risk management/mitigation controls and strategies via technical testing and conducting risk assessments and develop actionable remediation guidance.
- You will have performed IR/SOC Gap Assessments and Development
- You have a basic understanding of the McAfee product suites, enough to intelligently discuss with clients, at a high level, how the Foundstone Services can support and be supported by McAfee technology and solutions.
- You have an understanding of the development of engagement scoping and proposals and of making customer presentations
- You have 5 plus years of consultative experience/IR/Forensic and security experience
- You will have one or more of the following technical certifications or equivalents: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or similar
About The Role
- Lead Emergency Incident Response (EIR) engagements and guide clients through a variety of incidents (i.e., breaches, malware/virus outbreaks, security incidents, and forensics investigations). Provide guidance on tactical and strategic response and remediation recommendations.
- Ability to adopt and apply Containment, Mitigation, and Remediation concepts based on TTPs.
- Perform live response, malware analysis, volatile data collection and analysis on hosts and/or network data.
- Correlate and analyze Windows, Linux to identify Indicators of Compromise (IOCs).
- Strong in network forensics (TCP/IP networking)/traffic analysis, digital forensics
- Ability to examine firewall, Web, database, and other log sources to identify evidence of malicious activity
- Leveraging various forensics tools including EnCase, FTK, X-Ways, SIFT/open source, Splunk, and other tools to determine source of compromises and/or malicious activity that occurred in client environments.
- Display an understanding of security best practices, security gap assessments, penetration testing / Cyber Kill Chain, NIST, MITRE ATT&CK, etc.
- Perform vulnerability assessments to identify security issues in client environments.
- Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory etc.)
- Experience or familiarity programming in at least one of the following: Python, PowerShell, Bash, Shell Script, Batch, VBScript would be beneficial
- Deliver professional consulting services across Professional Services portfolio and ability to manage multiple deliverables simultaneously.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Pension and Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity, which is why McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.