Employment Opportunity

Staff Incident Response and Forensic Investigator

Farmers Branch, Texas, Palo Alto, California

Salary: Not stated

Final Filing Date: Open until filled

The VMware Security Incident Response Team (vSIRT) responds to cyber threats targeting VMware systems, applications, infrastructure, information, and users. The Staff Incident Response Analyst is a highly technical role responsible for managing and leading the response to computer security incidents and performing forensic analysis. The ideal candidate will have strong experience with response to advanced cyber attacks, malware analysis, system compromise, forensic analysis, training and awareness, and investigations for large enterprises. The candidate will have expertise with large scale incident response and forensic analysis.

Duties and Requirements Click to read more


  • Providing subject matter expertise on incident response and forensic analysis.
  • Implementing processes, capabilities, and techniques for incident response and forensic analysis.
  • Responding to security incidents escalations from Information Security teams.
  • Performing triage and analysis on workstations, servers, mobile devices, cloud platforms, and network infrastructure.
  • Performing forensic acquisitions of systems, memory, and volatile data using forensically sound practices.
  • Identification of malware using memory analysis, live forensics, and hard drive forensics.
  • Performing malware analysis through peer collaboration, sandboxed analysis, and reverse engineering.
  • Identifying key Indicators of Compromise (IOCs) from new or unknown malware and developing rules and signatures for detection.
  • Contributing to active threat hunting programs and security monitoring use cases.
  • Contributing to the strategic direction for incident response and forensic analysis capabilities at VMware.
  • Maintaining relationships with industry peers, partners, internal staff and auditors.
  • Identifying and documenting lessons learned from incidents, participating in remediation requirements definition.
  • Mentoring other staff in analysis and remediation techniques.
  • Maintaining current knowledge of emerging cyber security threats.
  • Maintaining a high level of confidentiality.


  • 12 years of experience in incident response, forensic analysis, and malware research.
  • Extensive experience with memory and hard drive forensic analysis using industry standard tools (Encase, X-Ways, BlackBag, FTK, Volatility, Rekall, Mandiant Redline, HB Gary Responder Professional, RegRipper, and FTK Imager).
  • Experience with YARA rule and OpenIOC signature creation.
  • Experience with incident response and forensic analysis on cloud services (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
  • Strong understanding of threat analysis and incident response practices and methodologies.
  • Strong understanding of Internet security and networking protocols.
  • Strong knowledge of Windows, Linux, and OSX operating systems.
  • Strong analytical skills and ability to identify advanced threats.
  • Experience with multi-tiered mission-critical systems.
  • Scripting skills such as Python, Perl, Shell, Bash, RegEx, Splunk query language.
  • Ability to interact effectively at all levels of an organization, across diverse cultural and linguistic barriers, and as part of a geographically distributed team.
  • Ability to quickly adapt as the external environment and organization evolves.
  • Ability to prioritize projects and deliverables.
  • Comfortable facing new challenges and changes in direction.
  • Self-motivated, team player, and detail oriented.
  • Positive and constructive attitude.
  • Excellent written and verbal communications.
  • Availability outside working hours for high priority events.
  • Some travel required.
Desired skills/experience/certification:
  • Bachelor’s degree or equivalent experience, Master’s degree desirable.
  • Certifications such as GCIH, GCFE, GCFA, GREM, GNFA, GASF, CISSP.

Do you have the Education Required? See available on-line and campus-based degree programs now!

How to apply: Apply online

Posted: November 7, 2017

NOTE: The is not responsible for typographical errors or omissions in employment notices on this web site. Often, employers change final filing dates, change duties and/or requirements, or close employment openings without notice. If you are interested in a job posted on this site be sure to contact the employer to see if changes in the filing date or job announcement have been made. Employers can also provide more information about open positions that does not appear in the announcements on these pages.