FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,000 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.
Protect industrial networks and ICS/SCADA systems
Our Industrial Response Security Consultants combine industry-leading FireEye security technology and intelligence to deliver incident response, compromise assessments and threat modeling to clients within the Industrial Control Systems space.
The risk profile of controls systems is continually changing as Operational Technology (OT) and IT networks become increasingly interconnected. The changing risk profile increases FireEye's need to assist clients in preventing, detecting, responding to, and recovering from cyber security incidents involving control systems. Our investigations expose threats targeting power plants, water, manufacturing systems, and other control systems. Our teams then develop innovative analytics for detection, support investigations, and incident response solutions.
Act as a subject matter expert (SME) on ICS matters to the larger consulting practice
Conduct log analysis, host and network forensics in support of incident response investigations
Work with IT and OT client staff to conduct a thorough investigation and implement an effective remediation strategy
Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied in current and future investigations
Hunt for active threats and malicious activity within control systems and identify possible attack vectors
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Conduct table top exercises based on first hand knowledge of real world attacks to help organizations better prepare for future attacks
Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Excellent verbal and written communication skills
Hands-on experience in log analysis, host and network forensics
Hands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, RTUs, HMI and Distributed Control Systems (DCS)
Well-versed in various control frameworks, including: IEC62443, NERC CIP, NIST
Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
Familiarity with Unix and Windows operating systems and administrative tools
Willingness to travel up to 50%
Ability to successfully interface with both internal and external clients
Ability to document and explain technical details in a concise, understandable manner
Self-motivated and results focused; ability to strengthen the team and its mission
Global Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or Certified Information Systems Security Professional (CISSP) Certifications a plus
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.