Lead Consultant - Kuala Lumpur - Fortinet Philippines

Lead Consultant (FortiGuard Incident Response)

Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world's largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey.

We are currently seeking a dynamic Lead Consultant (FortiGuard Incident Response) to contribute to the success of our rapidly growing business in Malaysia (Kuala Lumpur), Hong Kong, Singapore.

You will work directly with members of a world-class incident response and forensics team. Our team is comprised of individuals with strong knowledge in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics, and threat actors TTPs.

Responsibilities:

• Lead IR engagements and mentoring/training junior analysis.
• Continue to focus on process improvement for the customer-facing incident response services.
• Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems.
• Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
• Leverage our FortiEDR Platform to conduct investigations to rapidly detect and analyze security threats.
• Perform basic reverse engineering of threat actor's malicious tools.
• Develop complete and informative reports and presentations for both executive and technical audiences.
• Availability during nights/weekends as needed for IR engagements.
• Perform memory forensics and file analysis as needed.
• Monitor underground forums, our FortiGuard Threat Labs, along with other open-source intelligence outlets to maintain proficiency in latest actor tactics and techniques.

We Are Looking For:

• Experience with at least one scripting language: Shell, Ruby, Perl, Python, etc.
• Ability to data mine using YARA, RegEx or other techniques to identify new threats.
• Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools a plus.
• Experience with malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger.
• Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis and malware persistence mechanism.
• Strong knowledge of operating system internals and endpoint security experience.
• Able to communicate with both technical and executive personnel.
• Static and dynamics malware and log analysis.
• Excellent written and verbal communication skills a must.
• Reading and writing skills of non-English languages such as Chinese and Russian a plus.
• Analysis of Linux and MAC binary files and the understanding of MAC internals is a plus but not required.
• Highly motivated, self-driven and able to work both independently and within a team.
• Able to work under pressure in time-critical situations and occasional nights and weekends work.
• A good understanding of Active Directory a plus.
• Bachelor's Degree in Computer Engineering, Computer Science or related field.
• Or 10+ years' experience with incident response and or Forensics.