Incident Response Remediation Consultant

FireEye, Inc.

Company Description

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. Learn more about FireEye’s world-class solutions and global footprint at

Job Description

Interested in investigating computer crimes and breaches that make the headlines – and many more that don’t? Can you think like an attacker to stay one step ahead of them, or understand the operational security controls needed to detect, remediate, and prevent compromises? Mandiant seeks Incident Response Remediation Consultants with strong technical skills and an eagerness to lead projects and work with our clients. Candidates will need to apply their Active Directory, network architecture, security hardening, and logging enforcement skills to assist clients with containment and remediation workstreams. Our consultants must be comfortable working in teams to tackle challenging projects, communicating with clients, providing hands-on assistance with containment and remediation activities, and creating and presenting high-quality deliverables.


  • Lead and provide guidance to clients for Incident Response containment and remediation activities
  • Provide project management and governance for large-scale remediation engagements, consisting of multiple workstreams and resource assignments
  • Create and document detailed remediation guides and tracking documents, for clients to leverage to prepare for and execute a coordinated remediation event
  • Design and assist clients with network architecture enhancements and configuration modifications to defend against identified threats and attacker techniques
  • Recommend and document specific counter-measures and mitigating controls
  • Review and assist clients with implementing hardening controls and group policy enforcement for Active Directory architectures
  • Assist clients with implementation of multi-factor authentication and additional technologies for hardening access controls for applications and enterprise environments
  • Plan and coordinate for enterprise-scale password resets across multi-domain trust environments
  • Document and implement hardening controls for Windows and Unix endpoints
  • Build and execute scripts to query and enforce configuration parameters for Active Directory environments
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate remediation strategies and workstreams to client stakeholders including technical staff, executive leadership, and legal counsel
  • Assist with scoping prospective engagements, participating in engagements from kickoff through full remediation, and mentoring less experienced staff


  • Bachelor’s degree in a technical field
  • Minimum 2-5 years of comparable experience; minimum 8 years of experience if no degree 
  • Technical expertise in at least three of the following areas:
    • Prior experience as a lead system administrator or network engineer in an enterprise environment
    • Thorough understanding of enterprise security controls in Active Directory / Windows environments
    • Active Directory Trusts and Architectures
    • Privileged Access Management best practices
    • Windows and Unix endpoint hardening and security control enforcement
    • Expertise in enforcing application whitelisting and host-based restrictions
    • Implementation and enforcement of technologies such as Credential Guard and Device Guard
    • Understanding of enterprise networking and knowledge of network segmentation strategies
    • Implementation and management for both network and host-based firewall configurations
    • Implementing logging configurations for network devices and Windows and Unix endpoints
    • PowerShell scripting

Additional Qualifications:

  • Willingness to travel up to 30%
  • Ability to successfully interface with both internal and external clients
  • Ability to document and explain technical details in a concise, understandable manner
  • Ability to manage and balance own time among multiple tasks, and lead junior staff when required

To apply for this job please visit

Leave a comment
scroll to top