
Principal Consultant, Restoration and Remediation
Surefire Cyber Inc.
full-time
Location Type: Remote
Location: Remote • 🇺🇸 United States
Job Level
Lead
Tech Stack
Azure, Citrix, Cloud, Cyber Security, Firewalls, VMware
About the role
- Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises
- Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening
- Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions
- Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements
- Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity
- Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed
- Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance
- Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity
- Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths
- Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements
- Participate in after-hours response rotations during major incident events (on-call availability expected)
Requirements
- 10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering
- Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity
- Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends)
- Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise
- Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams
- Comfortable advising senior business and legal stakeholders during high-pressure engagements
- Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates
- Demonstrated experience mentoring and growing technical talent within a team
- Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign
- Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training.
- Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred.
Benefits
- Competitive compensation plan and total rewards package for team members
- Remote workforce
- Generous paid time off plan and floating holidays
- Paid parental leave
- Employer paid premiums for both team members and their dependents for medical, dental, and vision
- Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
- Professional development and career advancement opportunities
- We prioritize employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.
Applicant Tracking System Keywords
Hard skills
cybersecurity, incident response, systems administration, network administration, infrastructure engineering, remediation planning, network segmentation, endpoint security, identity access recovery, virtualization
Soft skills
leadership, communication, mentoring, advising, problem-solving, collaboration, technical coaching, feedback, project guidance, clarity in documentation
Certifications
CISSP, GCFA, MCSE, OSCP