Senior Consultant - Intelligent Security Operation

JOB DESCRIPTION AND RESPONSIBILITIES
Intelligent Security Operations Consultants are required to work on and lead security incidents and forensic analysis projects for customers.
We are seeking innovative and motivated Consultants who are able to perform under high pressure in a collaborative team environment.
It is critical that Consultants be able to use extensive technical knowledge and skills obtained through education and experience to perform the tasks necessary to drive the investigation of incidents and analysis projects to successful completion while ensuring Client meets the customer's goals.
Consultants are to be skilled at communicating clear oral and written messaging on sensitive subjects from the CXO to the IT staff level.
Each Consultant also will be required to maintain relationships with multiple client accounts.
While this role is typically remote, services are delivered for clients based on the sensitivity of the client issue and, on an ongoing basis and to a lesser degree, on the customer's requirements and preferred working practices.
Provide assistance and support on security issues to sales and other team members as required to achieve overall benefits for the delivery of services to the customer and company as a whole as related to addressing findings from client engagements.
Gain and maintain a working knowledge of the Client Portfolio of Security Products and Services.
Promote the Client Portfolio of Security Products and Services with the customer, positioning best fit solutions that meet/enhance their Security Strategy and reduce risk.
Gain and maintain a high level knowledge of the Security Aspects of the general Client Portfolio Products/Service.
Continually review and enhance existing knowledge of analysis and investigations of common product sets and technologies.
To provide 'soft' consultancy skills and a proactive approach to gain the absolute trust of our customers.
Support and encourage consultancy team personnel.
Participate in providing mentoring support and guidance to team members to help grow skills and capabilities.
Expect up to or greater than 80% travel.
 
CANDIDATES APPLYING MUST HAVE STRONG SKILLS IN TWO OF THE FOLLOWING AREAS
Computer Security Incident Response
Must be able to analyze output from various technologies in order to effectively investigate security incidents.
Applicants need to be able to determine not only the root cause and damage caused, but also the methods utilized by the intruder, as well as the ongoing potential risk and exposure to the breached system and to the greater client environment.
Candidates must be able to analyze event logs/system logs from Windows Operating Systems, Unix/Linux Operating Systems, and Cisco PIX/Switches/Routers, as well as Wireshark/Ethereal network captures.
Malware Analysis
Experience performing forensic analysis of Windows systems to identify and evaluate malware related compromise artifacts (3+ years).
Malware analysis and reverse engineering (3+ years).
Experience in building sandbox/test lab environments to evaluate malicious code.
Ability to identify actionable indicators of compromise based upon analysis of malware or forensic data.
Scripting and programming experience (e.g., Python, Perl, C, C++, Java, Assembly Language, Shell Scripting).
Strong research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis preferred.
Computer Forensics
Skilled in the use of Access Data's Forensic Toolkit and Guidance Software EnCase; 3+ years' experience requested.
Candidates should have experience with both standalone and enterprise versions of forensic tools.
Candidates who support forensics are required to provide On-Call support and be able to travel on short notice.
Candidates should be able to perform roles of evidence custodian, evidence collector, evidence imager, & evidence examiner.
Candidates must be able to create ongoing process documentation for different investigation focuses as technology changes.
General Requirements
Be able to perform complex analytical tasks in high stress situations for extended periods of time.
Candidates must be able to communicate with client executives up to CIO or CISO level.
Candidates are required to carry a cell phone and provide 24/7/365 On-Call support for reported computer security incidents to a global client base.
All candidates must be able to work 10-20% overtime.
Candidates must be able to conduct service implementations for new clients.
Ensure weekly and monthly reporting to client is performed.
Assume ownership of escalated reported incidents and coordinate activities with Global Security Operations Center (GSOC) in support of incident investigations.
Be able to clearly understand and articulate process and procedure documents within Incident Response, to security operations centers, account teams and client security organizations.
Travel to client site or data centers may be required based on size and scope of the security incident.
Candidates must hold at least one of the following: CISSP, MCSE 2003 or greater, Solaris Certified Administrator, Access Data Certified Examiner, EnCase Certified Examiner, Cisco CCNA, SANS GCFA or GCIH.  
 
QUALIFICATIONS
Education and Experience Required: 5+ years of professional experience and a Bachelor of Arts/Science in computer science or information security; candidates without a degree must have three additional years of relevant professional experience (8+ years in total).
 
KNOWLEDGE AND SKILLS REQUIRED
Has sufficient depth and breadth of technical knowledge to be individually responsible for the design and scope of deliverables within a field of expertise.
Has led a small team in delivery of a specific deliverable.
Has mastered at least one technical discipline with strong knowledge in at least three major technology areas.
Possesses advanced level of business, technical, or functional knowledge.
Has ability to perform/drive resolution of problems on combinations and interactions of products.
Ability to apply technology and consulting to solve a client business problem.
Able to communicate and present complex issues with assurance and confidence.
 
DEMONSTRATES THE USE OF CONSULTING SKILLS INCLUDING
Questioning, listening, ideas development, permission and rapport, and influencing.
Ability to conduct/lead oral status/technical interchange meetings with clients on small to medium sized engagements.
Owns and produces customer documentation.
Ability to translate technical details into concise and easy to understand written form.
Ability to write relevant components of a proposal document (e.g. answer specific RFP questions).
Ability to translate verbal requirements from face to face client meetings into requirements documents, statements of work, and proposals.
Able to discuss (within own area of expertise) requirements with a customer, and to challenge and clarify when appropriate.
From the requirements, able to develop a high level design or plan, and then estimate the amount of effort required to deliver.
Able to advise the engagement owner about the risks associated with this work package.
Ability to work with a team to provide written responses to technical proposals and/or reports/documentation for delivery.

13 Oct 2017