Senior Security Consultant, Incident Response
Fishnet Security - Atlanta, GA




FishNet Security is looking for a Senior Security Consultant / Incident Responder. The position requires an extensive understanding of digital investigations and their underlying principles. Applicable fields of digital investigation include computer forensics, network forensics, mobile forensics, eDiscovery, malware analysis, and memory analysis, together with a strong understanding of information security principles. The applicant must be able to demonstrate the required analytical skills, as well as the ability to address the preferred skills.

All applicants must be able to perform live incident response and have experience identifying and remediating malicious applications. Candidates will be screened for technical skills, personal skills, public presentation, written skills, team integration skills, verbal skills, and their ability to apply these skills in a real world scenario under pressure.

FishNet Security conducts all types of digital investigations. Investigations range from sensitive data breaches and virus outbreaks to malware attacks and internal / external exposures. Each investigation requires the consultant to be versatile and to make the right decisions to determine the root cause, contain the breach, and mitigate further exposure.

Incident Response is a very dynamic and volatile industry. All applicants must be willing to sacrifice their time at a moment's notice, regardless of the time of day or day of the week. If an incident comes in on a Friday, the consultant must be willing to be on a plane the same day and work until the project is finished. In addition, the position requires flexible work environments and hours. Some days will require long hours of analysis and travel, while others will be less stringent and require independent study and personal time management.

FishNet Security has multiple offices across the USA; however, most consultants are teleworkers and must be self-motivated to maintain proper time management and efficiency. There is also an expectation of international travel and the ability to work in different cultures.




1) Maintain expert level knowledge in information security and remain current on evolving threats

2) Remain current on the latest tools and methodologies to identify, investigate, contain, and remediate current threats

3) Take leadership role in the evolution of FishNet investigative methodologies

4) Remain current on regulatory requirements affecting information security and digital investigations

5) Take leadership role in developing new service offerings to meet market demands


1) Perform all reactive digital investigations at proficient level

a) Cold disk forensics

b) Live system forensics

c) Network forensics

d) Mobile forensics

e) eDiscovery

f) Malware analysis and remediation

g) Memory analysis

h) Administrative lockdown

i) Threat containment

2) Perform all proactive investigations at proficient level

a) Incident response risk assessments

b) Incident management program development

c) Incident management playbooks

d) Incident management training

e) Attack simulation

f) Tabletop exercises

3) Onsite Project management and task prioritization

4) Manage multiple projects in various stages simultaneously

5) Manage client expectations and build client relationships

6) Supervise junior team members on investigations

7) Develop investigation/project plans

8) Keep investigative notes and send status updates

9) Write preliminary and final reports

10) Handle post-investigation follow-up

Leadership and Management

1) Mentor and train fellow team members in investigative tools and methodologies

2) Assist with employee interviews

3) Remotely lead and assist junior team members in their investigations, as necessary

4) Develop training modules

Sales and Business Development

1) Assist in client pre-sales calls

2) Perform scoping responsibilities and presales paperwork

3) Identify upselling opportunities on existing engagements


1) Perform public speaking engagements

2) Perform webinars

3) Write whitepapers and 6Labs blog articles


Required Experience and Education:

8+ years total information security experience

5+ years of live incident response

5+ years of forensic analysis

5+ years of network traffic analysis and deep packet inspection

5+ years of working with computer hardware

5+ years of malware analysis

3+ years of policy, procedure, and program development

3+ years of systems administration

3+ years of network administration

3+ years of technical consulting

1+ years software development or scripting experience

Education: College degree (computer-related or engineering-related field)

Required Skills and Knowledge:

  • Conduct forensic acquisitions
      • FTK Imager
      • EnCase
      • FTK
      • Helix 3
      • dd
      • MacQuisition
      • Hardware duplicators
      • Live memory collection
  • Conduct forensic and incident response analysis
      • EnCase v6+
      • FTK
      • FireAMP
      • Volatility
      • NetWitness
      • Wireshark
  • Understand the following analysis techniques
      • Malware behavioral analysis
      • Network traffic analysis
      • Memory analysis
      • Volatile data analysis
      • Prefetch analysis
      • INDX record recovery and analysis
      • Timeline analysis
      • INFO2 records
      • File signature analysis
      • grep
      • EnScripts
      • Registry hive analysis
      • Complex documents and archives
      • Encryption / decryption algorithms
      • Manual partition analysis
      • Conditional and filter analysis
      • Boolean logic
  • Perform malware analysis and response
      • Cold-drive identification
      • Live system identification
      • Behavioral analysis
      • Reverse engineering
      • Containment
      • Remediation
  • General technical skills
      • Ability to read and create network diagrams
      • Ability to read and create data flow diagrams
      • Risk analysis and mitigation
      • Firewall configuration / programming
      • Microsoft domain administration
      • Linux administration
  • Technical writing skills
      • Ability to clearly explain technical findings to non-technical audiences
      • Express technical and analytical terms in plain, understandable language
      • Create logical interpretations of analysis
      • Express deductive claims with supporting evidence
      • Provide executive summaries supported by technical details
  • General software proficiencies
      • Microsoft Office 2010
      • Adobe Acrobat
      • SharePoint
      • TrueCrypt
      • PGP
  • Speaking abilities
      • Public speaking and webinars
      • Whitepapers and publications
      • Seminars
  • Team leadership
      • Delegate responsibilities to supporting resources
      • Ensure deadlines are met
      • Validate the quality of work delivered by supporting resources
      • Maintain reputation and client satisfaction
      • Mentor other team members
  • Strong technical writing skills
      • Identify and avoid unsubstantiated claims
      • Identify and avoid conjecture
      • Fluent in "legalese"

    Preferred Skills and Knowledge:

  • Malware reverse engineering
  • Manual decryption
  • Cipher and message digest identification
  • Alternative data streams
  • Steganography
  • User profiling
  • Hash analysis using preset hash libraries
  • EnCase entropy
  • Custom EnScripts
  • Mobile device acquisition and analysis
      • Cellebrite
      • Oxygen
      • BlackLight
  • General technical skills
      • Mainframe analysis and support
      • Database administration
      • Bilingual
  • Speaking abilities
      • Expert witness
      • Keynote speaking

    Special Requirements:


  • EnCase Certified Examiner (EnCE)
  • Payment Card Industry Qualified Security Assessor (PCI QSA)
  • Payment Application Qualified Security Assessor (PA-QSA)
  • Certified Information Systems Security Professional (CISSP)

  • Must have an updated passport

    Minimum Requirements:

    Certifications: EnCE, CISSP

    Although FishNet Security has attempted to accurately and thoroughly describe this position, we reserve the right to change, add to or subtract from the duties outlined, within the sole discretion of FishNet Security, at any time, with or without advance notice.
