Description:
As a valued member of Arctic Wolf’s Incident Response team, you will deliver support during and in the immediate aftermath of a cyberattack. Throughout the incident response process, you will work side-by-side with the rest of the incident response team to collect digital artifacts, restore systems, reconfigure domain controllers and firewalls, troubleshoot network issues, perform triage forensics investigations, coordinate with clients, and perform any other IT-related tasks necessary to restore the client’s business operations. Candidates for this role exhibit calmness under pressure, have excellent communication skills, and have a strong desire to resolve client challenges in times of high stress.
Responsibilities:
General:
- Perform as a senior member of the Incident Response and Restoration & Remediation teams and as a part of the greater Arctic Wolf Incident Response team.
- Deep understanding of full life-cycle data breach investigations from end-to-end (triage, collections, securing the environment, restoring/rebuilding of systems and ensuring client functionality)
- Technical expertise and ability to troubleshoot, diagnose and repair systems and networks.
- Demonstrated abilities and professional experience with host-based and network-based security issues
Client Management:
- Actively participate in large-scope, high-impact cyber breaches and manage Incident Response workflow and activities to support prompt response and remediation.
- Self-starter committed to meeting tight deadlines with a strong work ethic.
- Demonstrates professionalism, has a positive attitude, and is an extension of Arctic Wolf’s brand in the marketplace.
- Excellent verbal and written communication skills with an emphasis on customer service
Qualifications:
Required
- Advanced progression and professional experience involving work directly related to restoration, recovery, configuration, and troubleshooting of networks and general IT capabilities
- End-to-end understanding of engagements and steps within the IR workflow: initial triage, collections, imaging, securing, and hardening of the environment and overall security posture, restoring/rebuilding systems and getting the client functional
- Ability to respond to inquiries and work beyond normal business hours, provide mentorship to junior-level team members, and be relied upon as a trusted resource
- Skilled with promoting new domain controllers, seizing Flexible Single Master Operations (FSMO) roles, DNS troubleshooting, rebuilding System Volumes (SYSVOL), and rebuilding Distributed File System Replication (DFSR) or File Replication Service (FRS).
- Proficient with Active Directory/Exchange administration
- Expertise with rebuilding and recovering Exchange Systems from Server 2010 onwards
- Familiarity with /recover server switch on setup, rebuilding virtual directories, repairing databases, and using recovery databases
- Adept with supporting Microsoft Windows workstations and applications
- Expert with firewalls, VPNs, Active Directory, Group Policy, Linux, and Windows systems
- Professional work history and experience with hypervisors, including ESXi / VMware, Hyper-V
- Provide well-thought-out findings and professional guidance, both in technical and non-technical terms, to help customers re-establish business operations
- Excellent relationship management, customer service, and communication skills in multiple forms (written, conference calls, in-person/virtual meetings)
- Prior consulting experience within digital forensics or incident response