
Job Description

We are looking for a Director of Incident Response to work in a dynamic and exciting new position reporting to the Global Vice President of Professional and Security Services. The Director will manage a regional incident response and forensics team. Our team is comprised of individuals with strong knowledge of malware hunting and analysis, reverse engineering, multiple scripting languages, forensics and threat actor TTPs. In this sales/partner/customer-facing role, the Director's main objective is to build an incident response practice that stops the bad guys and provides superior customer service to our customers. In their daily tasks, the Director will manage and review the output and deliverables from the team that investigates security events from Fortinet's EDR platform, analyzes forensic data and endpoint events, performs malware analysis, and responds to multiple security incidents. The Director will lead the charge in creating threat research work products such as blogs and presentations.


Team Responsibilities the Director will manage: 


  • Review incoming security events to perform initial triage of events
  • Identify and analyze alerts that appear highly suspicious and notify customers of malware infections
  • Identify false positives and categorize them, matching them to similar events from the past
  • Work on escalated events and help to assist other team members
  • Assist in enhancing and tuning Fortinet’s Cloud Services and Automated Incident Response (AIR) system
  • On occasion, perform full Incident Response (IR) and/or memory forensics using open-source tools
  • Collaborate with the threat marketing group; pass analyzed data to the team to write and report on discovered threats
  • Monitor underground forums and TOR sites along with other open-source intelligence outlets to maintain proficiency in the latest actor tactics and techniques
  • Perform basic reverse engineering of threat actors' malicious tools, such as malware

Required Skills:


  • Experience building an Incident Response Practice
  • Experience Managing a Team of Professionals
  • Thorough relevant experience as a contributing member of a threat intelligence or incident response team 
  • Experience with malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger 
  • Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis and malware persistence mechanisms
  • Strong knowledge of operating system internals and endpoint security experience. 
  • Hands-on experience with full memory forensics, debugging of crash-dumps 
  • Excellent written and verbal communication skills are a must
  • Reading and writing skills in non-English languages such as Chinese and Russian are a plus
  • Analysis of Linux and MAC binary files and the understanding of MAC internals is a plus but not required.
  • Highly motivated, self-driven and able to work both independently and within a team
  • Able to work under pressure in time critical situations 

Education: 


  • Bachelor’s Degree in Computer Engineering, Computer Science or related field
  • Or 5 to 8+ years' experience with incident response and/or forensics

