Remote Incident Response Security Consultant – Mandiant & Google Public Sector Cyber Threat Management Specialist (Hybrid Remote)
Why Join Our Mission‑Driven Team?
At Google Public Sector, we are on a relentless quest to empower government agencies, K‑12 schools, higher‑education institutions, and other public‑service organizations with world‑class technology solutions. Partnering with the elite Mandiant incident response team, we blend deep forensic expertise with the scale and innovation of Google Cloud to protect the nation’s most critical digital assets. As a Remote Incident Response Security Consultant, you will stand at the front line of cyber defense, helping public‑sector clients detect, contain, and remediate sophisticated threats while shaping the future of national cyber resilience.
About the Role – A Strategic Blend of Investigation, Leadership, and Innovation
In this hybrid remote position, you will leverage your hands‑on forensic skills, strategic thinking, and communication prowess to guide multi‑disciplinary teams through high‑stakes security incidents. You will work directly with Google’s public‑sector customers and Mandiant’s world‑renowned experts to deliver end‑to‑end incident response, from initial detection through post‑mortem analysis. This role is designed for professionals who thrive under pressure, love solving complex puzzles, and are eager to mentor junior analysts while continuously expanding their own expertise in cloud forensics, malware triage, and threat hunting.
Key Responsibilities – What Your Days Will Look Like
- Lead Incident Investigations: Partner with internal Google security engineers, Mandiant specialists, and customer incident response teams to conduct comprehensive investigations, identify root causes, and implement containment strategies.
- Develop and Codify Threat Intelligence: Capture attacker tools, tactics, and procedures (TTPs) as well as indicators of compromise (IOCs) and transform them into actionable intelligence that can be reused across future engagements.
- Perform Advanced Forensic Analyses: Execute host‑level forensics, network packet captures, log aggregation, and memory imaging to uncover hidden malicious activity.
- Automate Threat Discovery: Build and refine scripts, SIEM queries, and data pipelines that automatically ingest, enrich, and correlate threat data from internal and external sources.
- Drive Customer Impact Assessments: Evaluate the scope of compromise, advise on detection rule enhancements, and communicate necessary notifications to affected stakeholders.
- Mentor and Upskill Teams: Provide technical guidance, conduct knowledge‑share sessions, and contribute to the development of internal playbooks and training materials.
- Collaborate Across Functions: Work closely with product managers, legal counsel, executive leadership, and public‑sector program managers to align security outcomes with broader business objectives.
- Participate in Competitive Cyber Events: Represent the team in Capture the Flag (CTF) competitions and security‑focused platforms such as Hack The Box or TryHackMe to stay sharp and foster a culture of continuous learning.
Essential (Minimum) Qualifications – Foundations for Success
- At least 2 years of hands‑on experience conducting end‑to‑end incident response investigations, including containment, remediation, and post‑incident reporting.
- Minimum 2 years of experience with one or more of the following forensic domains: network forensics, malware triage, cloud forensics, or disk and memory analysis.
- Fluent English communication skills, both written and verbal, enabling clear interaction with internal stakeholders, executive leadership, legal teams, and external customers.
- Proven ability to work independently in a remote environment while maintaining high productivity and meeting tight deadlines.
Preferred Qualifications – Distinguish Yourself
- Industry‑recognized certifications in cloud security (e.g., Google Cloud Professional Security Engineer, AWS Certified Security – Specialty, or Microsoft Certified: Azure Security Engineer Associate).
- Active participation and achievement in security competitions, Capture the Flag (CTF) events, or platforms such as Hack The Box, TryHackMe, OverTheWire, and similar.
- Demonstrated experience translating complex technical findings into concise, actionable recommendations for non‑technical audiences, senior executives, and legal counsel.
- Exceptional time‑management and project‑management capabilities, with a track record of delivering multiple concurrent investigations on schedule.
- Familiarity with scripting languages (Python, PowerShell, Bash) and automation frameworks (AWS Lambda, Google Cloud Functions, or equivalent).
Core Skills & Competencies – The DNA of an Effective Consultant
- Analytical Mindset: Ability to dissect large data sets, spot anomalies, and reconstruct attack pathways.
- Technical Depth: Mastery of forensic tools (e.g., Volatility, EnCase, FTK), network analysis platforms (Wireshark, Zeek), and cloud monitoring services (Google Chronicle, AWS GuardDuty).
- Communication Excellence: Clear, compelling storytelling that bridges the gap between technical reality and strategic business impact.
- Collaborative Spirit: Proactive engagement with cross‑functional teams, fostering an inclusive environment where diverse viewpoints drive stronger outcomes.
- Adaptability: Comfort navigating rapidly evolving threat landscapes and adjusting tactics on the fly.
- Ethical Integrity: Commitment to confidentiality, data protection, and adherence to legal and regulatory standards governing public‑sector data.
Career Growth & Learning Opportunities – Your Path Forward
Google and Mandiant are committed to investing in your professional development. As a member of our incident response team, you will have access to:
- Sponsored certifications and advanced training in cloud security, digital forensics, and threat intelligence.
- Mentorship from senior Mandiant investigators and Google security leaders.
- Opportunities to lead large‑scale, high‑visibility engagements with federal, state, and local government agencies.
- Participation in internal research labs that pioneer new detection methodologies and automation techniques.
- Career mobility across Google’s broader security ecosystem, including roles in Security Architecture, Threat Intelligence, and Product Engineering.
Work Environment & Culture – A Remote‑First, Inclusive Team
Our hybrid remote model empowers you to work from anywhere within the United States while staying closely connected to our vibrant community. We champion a culture where:
- Flexibility is baked into every policy, allowing you to balance professional obligations with personal priorities.
- Diversity, Equity & Inclusion are core values. We actively seek perspectives from all backgrounds to enrich our problem‑solving capabilities.
- Collaboration thrives through regular virtual stand‑ups, cross‑time‑zone hackathons, and knowledge‑sharing sessions.
- Well‑being is prioritized through mental‑health resources, ergonomic home‑office stipends, and generous paid time off.
- Innovation is encouraged; you are empowered to propose new tooling, workflow improvements, and research initiatives.
Compensation, Perks & Benefits – More Than a Salary
The role offers a competitive base salary ranging from $105,000 to $154,000, complemented by performance‑based bonuses, equity grants, and a comprehensive benefits package that includes:
- Health, dental, and vision coverage with multiple plan options.
- 401(k) matching contributions and financial planning resources.
- Generous parental leave, adoption assistance, and flexible work schedules.
- Professional development budget for certifications, conferences, and coursework.
- Access to Google’s wellness programs, including virtual fitness classes, meditation resources, and employee assistance services.
- Annual technology stipend for home‑office upgrades and high‑speed internet reimbursement.
Equal Opportunity & Accessibility – Our Commitment
Google is proud to be an equal opportunity employer. We celebrate the richness of our diverse workforce and welcome applicants of any race, color, ancestry, religion, sex, gender identity, sexual orientation, age, disability, veteran status, or protected characteristic. If you require accommodations during the application or interview process, please let us know, and we will work with you to ensure an accessible experience.
How to Apply – Take the Next Step in Your Cybersecurity Journey
If you are ready to join a world‑class team that protects the nation’s most critical digital infrastructure, we want to hear from you. Submit your resume, a concise cover letter highlighting your most relevant incident response achievements, and any certifications that showcase your expertise.
Application Timeline
The application window remains open until at least September 6th, 2024. However, we may close the posting earlier if we find a suitable candidate, so we encourage you to apply promptly.
Final Thoughts – Your Impact Awaits
At Google Public Sector and Mandiant, you won’t just be responding to incidents—you’ll be shaping the security posture of government agencies, educational institutions, and other public‑service organizations that rely on your expertise every day. This is a unique chance to blend technical mastery with strategic influence, all while enjoying the flexibility of a remote career. Seize the opportunity, bring your talent to the table, and help safeguard the digital future of our nation.
Ready to Make a Difference?
Apply now and embark on a rewarding career where your skills protect lives, data, and public trust.