From Response to Resilience.

Principal Consultant, Restoration and Remediation

ConsultantConsultantFull TimeRemoteTeam 11-50H1B No SponsorCompany Site LinkedIn

Location

United States

Posted

146 days ago

Salary

Not specified

Bachelor Degree10 yrs expEnglishAzureCitrixCloudCyber SecurityFirewallsVmware

Job Description

• Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises • Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening • Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions • Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements • Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity • Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed • Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance • Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity • Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths • Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements • Participate in after-hours response rotations during major incident events (on-call availability expected)

Job Requirements

10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering
Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity
Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends)
Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise
Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams
Comfortable advising senior business and legal stakeholders during high-pressure engagements
Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates
Demonstrated experience mentoring and growing technical talent within a team
Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign
Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training.
Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred.

Benefits

Competitive compensation plan and total rewards package for team members
Remote workforce
Generous paid time off plan and floating holidays
Paid parental leave
Employer paid premiums for both team members and their dependents for medical, dental, and vision
Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
Professional development and career advancement opportunities
We prioritize employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.