Title: Incident Response Lead
Location: Palo Alto, CA
Duration: Direct Hire
We are building the next-generation computer security incident response team for our global enterprise, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking information security specialists who have expertise in network security monitoring, reverse engineering, host forensics, and incident response.
The ideal candidates will have an open mind, bring a fresh perspective to a new incident response team, and be passionate about protecting, defending, and responding to computer-related incidents.
The senior incident response lead will direct an agile group of host forensics and incident response personnel. You will work with enterprise forensics-capable systems, log analysis systems, and network collection systems to respond to incidents at a global scale. You will work with industry-respected malware and network analysts to coordinate a best-in-class response to computer-related incidents.
- Strong analytical, documentation, and communication skills.
- Familiarity with Windows-, Apple-, and Linux-based operating systems (e.g. XP, Windows 7, 2003, 2008, OS X).
- 2+ years of experience in information security. Senior level requires 5+ years of experience.
- 2+ years of experience working on a computer security incident response team.
- Intermediate skills in malware analysis for Windows-based malware.
- In-depth knowledge of live forensics with enterprise forensics tools such as EnCase Enterprise, Active Defense or Mandiant Intelligent Response.
- Analytical understanding of Windows registry, NTFS, malicious documents (Office and PDF), Memory, Prefetch and Windows event logs.
- Working knowledge of TCP/IP, DNS, HTTP, SMTP, and SNMP.
- Strong understanding of network traffic analysis.
- Experience with and proficiency in EnCase, AccessData, or similar forensics software.
- Understanding of standard forensic methodology.
- Experience leading agile IR teams.
- Accredited degree in computer science or information technology or equivalent years of experience.
- Experience with version control software (e.g. Git, SVN, CVS) a plus.
- Experience with enterprise information security data management tools such as ArcSight or Splunk.
- Hold or have received a forensics or incident response certification (e.g. EnCE, GCFA, GREM, or GCIA).
- Have taught or informally trained others in incident response or forensics analysis.
- Knowledge of two or more of the following languages (Perl, Python, C, C++, C#, Objective C, Ruby, Lisp, Scheme, IA-32/IA-32e assembly, ARM, Power PC, MIPS, SPARC, Shell, SQL, HTML, CSS, XSLT, XML, Java, or EnScript).
- Presenting at conferences or publishing in peer-reviewed journals a plus.