Responsibilities for the Principal Incident Response Security Consultant include:
* Perform reactive incident response functions, including but not limited to host-based analysis of Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
* Examine firewall, web, database, and other log sources to identify evidence of malicious activity.
* Investigate data breaches using forensics tools including EnCase, FTK, X-Ways, SIFT, Splunk, and custom Crypsis investigation tools to determine the source of compromises and malicious activity that occurred in client environments.
* Manage incident response engagements to scope work, guide clients through forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations.
* Travel as needed to meet business demands (on average 20%).
* Mentor team members in incident response and forensics best practices.