
Surefire Cyber Inc.
Remote Jobs
From Response to Resilience.
12 Jobs
• This is a full-time remote opportunity, and you will perform a variety of restoration and recovery efforts while working closely with the Director of Restoration, Restoration team members, and the Digital Forensic and Incident Response team. • They will play a critical role in post-incident recovery, working alongside the DFIR team to restore systems and secure infrastructures after cyber incidents. Through meticulous remediation efforts and application of technical expertise, they’ll help clients regain operational stability and strengthen their defenses against future threats. • Actively share knowledge with team members cultivating a culture of continuous learning, and staying up to date on industry trends, emerging threats, and best practices. • Build strong professional relationships and serve as a trusted advisor during client-facing incident response engagements, contributing your advanced knowledge and expertise to post-incident recovery efforts. • Work closely with the DFIR team to assess and determine the scope and impact of cyber incidents. • Utilize experience with Active Directory, Group Policy Objects, ADSI, Windows Security, replication, Azure Active Directory Connect, and other relevant technologies to restore compromised systems. • Script and automate recovery processes using PowerShell and Windows command line tools. • Leverage experience in hypervisor technologies such as VMware, Hyper-V, Citrix XenServer, and Nutanix Acropolis to restore virtualized environments. • Work with various server hardware platforms including HP, Dell, Nutanix, and Cisco UCS. • Utilize experience with storage vendors such as Dell EMC, NetApp, HP/Nimble, and Pure Storage to recover data and systems. • Implement backup solutions such as Veeam, Backup Exec, Unitrends, and Zerto to ensure data recovery. • Manage desktop operating systems and deployments, including Windows 7/8/10/11. • Oversee enterprise messaging systems, including Exchange and M365. • Handle server-based computing environments, including Citrix and Terminal Services. • Leverage networking knowledge, including core switches, wireless access points, firewalls, and VPN configurations. • Implement two-factor and multi-factor authentication services such as Okta, DUO, Microsoft Authentication, Ping, RSA, and others. • Collaborate with internal teams, external partners, and clients to refine and document all restoration and recovery efforts, maintaining a clear and organized record of actions taken, lessons learned, and best practices. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
Principal Consultant, Digital Forensic and Incident Response
Surefire Cyber Inc.From Response to Resilience.
• Represent Surefire Cyber as a skilled technical forensic and consulting expert for clients across diverse industries during active incident response engagements. • Leverage extensive experience and technical skills to play a pivotal role in detecting and analyzing intrusions, offering clear guidance to clients navigating high-pressure response situations, and providing after-hours support as needed. • Demonstrate genuine curiosity, a commitment to continuous learning, and contribute valuable insights to support the team's knowledge growth. • Forensically lead incident response engagements, working with other team members to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct advanced forensic analysis to identify the scope and impact of security incidents meticulously and precisely, including malware analysis and reverse engineering when necessary. • Independently manage investigations ranging in size and complexity such as Business Email Compromises and Ransomware engagements. • Provide career development for a Forensic team consisting of 3-4 Consultants/Senior Consultants, by investing in their professional development conducting regular one-on-one conversations and providing guidance and recommendations on training opportunities. • Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to guide mitigation and prevention efforts. • Convey complex forensic findings to technical and non-technical stakeholders clearly and understandably. • Provide comprehensive supporting evidence for written reports detailing incident findings, and analysis. • Review, provide well thought out input, and provide guidance to other team members on forensic reports. • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices. • Spearhead research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies. • Contribute to the development of internal processes and support broader organizational initiatives. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
• Build greenfield Python applications using agentic methods, including AI agent workflows with tools such as Claude Code, LangChain, or equivalent frameworks • Architect the scaffold layer that coordinates multi-agent pipelines, including role separation, context injection, and output validation • Integrate agentic systems with the GitHub-based knowledge store that serves as the org-wide context layer for engineering work • Evaluate and adopt new agentic tooling and LLM capabilities as they emerge, bringing structured recommendations to the team • Design and implement services, RESTful and event-driven APIs, and data access layers across Python backends and React frontends • Contribute to integration between internal services and external platforms, including third-party APIs relevant to IR workflows and business operations • Write code that other engineers can read, extend, and trust in production • Own and operate AWS infrastructure across all environments (dev, staging, production), including Kubernetes, Terraform, and CI/CD via GitHub Actions. Engineers here own what they ship, from code to infrastructure — that’s a feature, not a burden • Build monitoring, alerting, and observability so production issues surface early and resolve fast • Ensure infrastructure aligns with Surefire’s security and compliance requirements. We’re a cybersecurity company; security is a design constraint, not a review step • Identify weaknesses in the current architecture and propose pragmatic improvements with clear rationale.
• Serve as the internal point of contact for all team member technical issues — device problems, login access, troubleshooting, and “how do I…?” questions; resolve independently or escalate as appropriate. • Manage and triage IT tickets, ensuring timely resolution and clear communication. • Provide remote support across time zones: installations, connectivity, and access issues. • Maintain internal IT documentation, FAQs, and how-to guides. • Work with the people team to keep processes, policies, and operational documents current and communicated. • Manage day-to-day administration of our Microsoft 365 environment — email, collaboration, and cloud productivity tools. • Manage user accounts, groups, licenses, and roles across the M365 tenant. • Implement and maintain policies for data loss prevention, retention, secure collaboration, and conditional access. • Structure M365 resources to support collaboration while enforcing least-privilege access. • Administer centralized identity, device management, and directory services. • Manage MFA enrollment, enforcement, and troubleshooting. • Monitor and triage third-party vendor SOC alerts, escalating as appropriate. • Manage endpoint security: agent deployment, health monitoring, and alert triage. • Implement and enforce access control standards — least privilege, role-based access, and regular access reviews. • Maintain accurate asset inventory, reconciling against vendor records; manually track non-laptop assets such as monitors and other home office equipment. • Partner with the internal technology team to support investigation of any potential internal anomalous behavior. • Manage the lifecycle of company devices — primarily laptops — from procurement and provisioning through reuse and secure disposal. • Standardize device build configurations aligned to security and compliance requirements. • Ensure all devices meet required security baselines: disk encryption, EDR, OS patching, and local admin controls. • Collaborate with the people team to deliver a consistent, high-quality onboarding experience for new hires. • Prepare and ship devices; create accounts and assign role-based access. • Enroll users and devices in required security and identity systems. • Own the technical offboarding process: account disablement, access removal, data handoff, and device recovery. • Maintain and regularly refine onboarding and offboarding checklists to reduce risk and ensure nothing falls through the cracks. • Serve as an additional technology team contact for key IT and security vendors. • Help manage the inventory of software licenses and SaaS subscriptions, ensuring the right number of seats and tiers. • Identify and reclaim unused licenses; flag opportunities to consolidate or optimize tools. • Track renewals and entitlements; support finance and leadership on budgeting and capacity planning. • Maintain and update IT and InfoSec policies in collaboration with the CTO and the broader technology team. • Ensure policies align with how the environment is actually configured, closing gaps between written policy and practice. • Maintain clear, current documentation on architectures, standards, and procedures. • Monitor the health of core IT systems and security controls; respond to alerts and anomalies. • Identify recurring issues and drive root-cause fixes rather than one-off workarounds. • Look for opportunities to automate repetitive tasks — through scripts, workflows, policy templates, or AI-assisted tools. • Stay current on best practices for identity, endpoint security, and M365 administration.
• Lead and oversee active client-facing incident response engagements, working closely with other team members to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct scoping calls with clients to define the incident scope, objectives, and expectations of each engagement. • Work closely with other Engagement Leads and Forensic Consultants to ensure effective coordination of resources and expertise on client matters. • Build and cultivate strong client relationships based on trust, open communication, and collaborative problem-solving. • Provide well-informed solutions that go beyond immediate client challenges to achieve long-term security goals. • Communicate advanced cybersecurity concepts both internally and externally and produce clear and concise verbal and written reports detailing incident findings, and analysis. • Actively knowledge share with team members cultivating a culture of continuous learning, and stay up to date on industry trends, emerging threats, and best practices. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
• Support post-incident recovery efforts, collaborating with DFIR teams to assess the scope and impact of cyber incidents • Participate in restoring compromised systems to a pre-incident state, including data recovery, system configuration, and hardening • Assist in developing and executing tailored remediation plans based on technical, operational, and regulatory requirements • Reimage, rebuild, and reconfigure endpoints, servers, and affected services such as Active Directory, Exchange, Group Policy, and VPN • Use systems administration skills to restore and configure computing environments • Troubleshoot network issues and assist in resolving infrastructure-level connectivity or access problems • Contribute to the collection of digital artifacts and forensic evidence, supporting broader incident response • Apply foundational knowledge to investigate and address malware infections, unauthorized access, and system integrity issues • Implement endpoint protection and access control tools under supervision from senior R&R team members • Document all actions taken in a clear, structured format, capturing technical findings, decisions made, and lessons learned • Participate in after-hours (on-call/weekend rotational) support when needed to ensure 24/7 incident response coverage
Senior Consultant, Digital Forensic and Incident Response
Surefire Cyber Inc.From Response to Resilience.
• Demonstrate a commitment to learning and contribute valuable insights, actively seeking guidance when necessary. • Contribute to client-facing incident response engagements, working with other team members to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct advanced forensic analysis to precisely identify the scope and impact of security incidents, including malware analysis and reverse engineering when necessary. • Lead the forensic investigations on small to medium investigations such as Business Email Compromises and Ransomware engagements. • Provide mentorship and assist less experienced team members by sharing your knowledge and expertise to help others grow in their roles. • Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to guide mitigation and prevention efforts. • Convey complex forensic findings to technical and non-technical stakeholders clearly and understandably. • Provide comprehensive supporting evidence for written reports detailing incident findings, and analysis. • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices. • Engage in research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies. • Contribute to the development of internal processes and support broader organizational initiatives. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
• Build and cultivate strong client relationships based on trust, open communication, and collaborative problem-solving. • Work closely with the Chief Delivery Officer, the broader Engagement Lead team, and the Forensic Consulting team to lead and oversee active client-facing incident response engagements, to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct scoping calls with clients to define the incident scope, objectives, and expectations of each engagement, providing regular client updates. • Work closely with the Project Management team, other Engagement Leads and the Forensic Consulting team to ensure effective coordination of resources and expertise on client matters. • Provide well-informed solutions that go beyond immediate client challenges to achieve long-term security goals. • Communicate complex cybersecurity concepts both internally and externally and produce clear and concise verbal and written reports detailing incident findings, and analysis. • Invest in career development and provide mentorship to a team size ranging from 3-5 Forensic professionals and/or members of the Principal Engagement Lead team. • Openly share knowledge and information with team members cultivating a culture of continuous learning, and staying up to date on industry trends, emerging threats, and best practices. • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices. • Partner with Product and Marketing to contribute to Surefire Cyber content and attend various industry conferences or events as needed. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
Principal Consultant, Digital Forensic and Incident Response – DFIR
Surefire Cyber Inc.From Response to Resilience.
• Represent Surefire Cyber as a skilled technical forensic and consulting expert for clients across diverse industries during active incident response engagements. • Leverage extensive experience and technical skills to play a pivotal role in detecting and analyzing intrusions, offering clear guidance to clients navigating high-pressure response situations, and providing after-hours support as needed. • Demonstrate genuine curiosity, a commitment to continuous learning, and contribute valuable insights to support the team's knowledge growth. • Forensically lead incident response engagements, working with other team members to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct advanced forensic analysis to identify the scope and impact of security incidents meticulously and precisely, including malware analysis and reverse engineering when necessary. • Independently manage investigations ranging in size and complexity such as Business Email Compromises and Ransomware engagements. • Provide career development for a Forensic team by investing in their professional development conducting regular one-on-one conversations and providing guidance and recommendations on training opportunities. • Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to guide mitigation and prevention efforts. • Convey complex forensic findings to technical and non-technical stakeholders clearly and understandably. • Provide comprehensive supporting evidence for written reports detailing incident findings and analysis. • Review, provide well-thought-out input, and provide guidance to other team members on forensic reports. • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices. • Spearhead research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies. • Contribute to the development of internal processes and support broader organizational initiatives. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
• This is a full-time remote opportunity, and you will perform a variety of restoration and recovery efforts while working closely with the Director of Restoration, Restoration team members, and the Digital Forensic and Incident Response team. • They will play a critical role in post-incident recovery, working alongside the DFIR team to restore systems and secure infrastructures after cyber incidents. • Through meticulous remediation efforts and application of technical expertise, they’ll help clients regain operational stability and strengthen their defenses against future threats. • Actively share knowledge with team members cultivating a culture of continuous learning, and staying up to date on industry trends, emerging threats, and best practices. • Build strong professional relationships and serve as a trusted advisor during client-facing incident response engagements, contributing your advanced knowledge and expertise to post-incident recovery efforts. • Work closely with the DFIR team to assess and determine the scope and impact of cyber incidents. • Utilize experience with Active Directory, Group Policy Objects, ADSI, Windows Security, replication, Azure Active Directory Connect, and other relevant technologies to restore compromised systems. • Script and automate recovery processes using PowerShell and Windows command line tools. • Leverage experience in hypervisor technologies such as VMware, Hyper-V, Citrix XenServer, and Nutanix Acropolis to restore virtualized environments. • Work with various server hardware platforms including HP, Dell, Nutanix, and Cisco UCS. • Utilize experience with storage vendors such as Dell EMC, NetApp, HP/Nimble, and Pure Storage to recover data and systems. • Implement backup solutions such as Veeam, Backup Exec, Unitrends, and Zerto to ensure data recovery. • Manage desktop operating systems and deployments, including Windows 7/8/10/11. • Oversee enterprise messaging systems, including Exchange and M365. • Handle server-based computing environments, including Citrix and Terminal Services. • Leverage networking knowledge, including core switches, wireless access points, firewalls, and VPN configurations. • Implement two-factor and multi-factor authentication services such as Okta, DUO, Microsoft Authentication, Ping, RSA, and others. • Collaborate with internal teams, external partners, and clients to refine and document all restoration and recovery efforts, maintaining a clear and organized record of actions taken, lessons learned, and best practices. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
2more opportunities are still waiting for you.Log in now and take your next shot before someone else does.