FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,000 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.
Protect industrial networks and ICS/SCADA systems.
Our Industrial Response Security Consultants combine industry-leading FireEye security technology and intelligence to deliver incident response, compromise assessments and threat modeling to clients within the Industrial Control Systems space.
The risk profile of controls systems is continually changing as Operational Technology (OT) and IT networks become increasingly interconnected. The changing risk profile increases FireEye's need to assist clients in preventing, detecting, responding to, and recovering from cyber security incidents involving control systems. Our investigations expose threats targeting power plants, water, manufacturing systems, and other control systems. Our teams then develop innovative analytics for detection, support investigations, and incident response solutions.
Responsibilities:Act as a subject matter expert (SME) on ICS matters to the larger consulting practiceConduct log analysis, host and network forensics in support of incident response investigationsWork with IT and OT client staff to conduct a thorough investigation and implement an effective remediation strategyRecognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied in current and future investigationsHunt for active threats and malicious activity within control systems and identify possible attack vectorsDevelop comprehensive and accurate reports and presentations for both technical and executive audiencesConduct table top exercises based on first hand knowledge of real world attacks to help organizations better prepare for future attacksEffectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Requirements:Excellent verbal and written communication skillsHands-on experience in log analysis, host and network forensicsHands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, RTUs, HMI and Distributed Control Systems (DCS)Well-versed in various control frameworks, including: IEC62443, NERC CIP, NISTFundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)Familiarity with Unix and Windows operating systems and administrative tools
Additional Qualifications:Willingness to travel up to 50%Ability to successfully interface with both internal and external clientsAbility to document and explain technical details in a concise, understandable mannerSelf-motivated and results focused; ability to strengthen the team and its missionGlobal Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or Certified Information Systems Security Professional (CISSP) Certifications a plus
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.