Lead Consultant (FortiGuard Incident Response) - APAC

Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Lead Consultant (FortiGuard Incident Response) to contribute to the success of our rapidly growing business.

We are looking for a Lead Consultant – FortiGuard Incident Response to work in a dynamic and exciting new position reporting to the Director of Operations for FortiGuard Security Consulting Services. The analyst will work directly with members of a world class incident response and forensics team. Our team is comprised of individuals with strong knowledge in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics and threat actors’ TTPs. In this very hands-on customer facing role the consultant’s main objective is to lead and manage the incident response engagements and train/mentor other security consultants. Leveraging your in-depth understanding of the threat actors’ tactics, techniques, procedures and tools as well as our flagship FortiEDR tooling you will need to quickly glean situational awareness to provide guidance to the team members as well as to the client. In addition, from time to time the candidate will help to create threat research work products such as blogs and presentations. To be successful in this role the candidate must be possess strong consulting skills, deep technical skills and able to work under tight timelines.

• Lead IR engagements and mentoring/training junior analysts
• Serve as the primary contact for clients during investigations, delivering clear technical and executive-level updates.
• Continue to focus on process improvement for the customer facing incident response services
• Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems
• Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity
• Leverage our FortiEDR Platform to conduct investigations to rapidly detect and analyze security threats
• Contribute to threat intelligence consumption and generation within the FortiGuard threat intelligence ecosystem.
• Perform basic reverse engineering of threat actors’ malicious tools
• Develop complete and informative reports and presentations for both executive and technical audience
• Availability during nights/weekends as needed for IR engagements
• Perform memory forensics and file analysis as needed

An insightful and influential collaborator to join our team. We encourage you to apply for this position if you have the following qualities:

• Excellent written and verbal communication skills
• Experience interfacing with customers
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools a plus
• A solid understanding of Active Directory and how to secure is a plus
• Experience with of at least one scripting language: Shell, Ruby, Perl, Python, etc
• Ability to data mine using YARA, RegEx or other techniques to identify new threats
• Experience with malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger
• Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis and malware persistence mechanism
• Strong knowledge of operating system internals and endpoint security experience.
• Able to communicate with both technical and executive personnel
• Static and dynamics malware and log analysis
• Analysis of Linux and MAC binary files and the understanding of MAC internals is a plus but not required.
• Highly motivated, self-driven and able to work both independently and within a team
• Able to work under pressure in time critical situations and occasional nights and weekends work
• Bachelor’s Degree in Computer Engineering, Computer Science or related field
• Or 10+ years’ experience with incident response and or Forensics

At Fortinet, we embrace diversity and inclusivity. We encourage applications from diverse backgrounds and identities. Explore our welcoming work environment designed for a rewarding career journey with an attractive Total Rewards package to support you with your overall health and financial well-being. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.

We will only notify shortlisted candidates.

Fortinet will not entertain any unsolicited resumes, please refrain from sending them to any Fortinet employees or Fortinet email aliases. Should any Agency submit any resumes to Fortinet, these resumes if considered, will be assumed to have been given by the Agency free of any related fees/charges.