• Support post-incident recovery efforts, collaborating with DFIR teams to assess the scope and impact of cyber incidents • Participate in restoring compromised systems to a pre-incident state, including data recovery, system configuration, and hardening • Assist in developing and executing tailored remediation plans based on technical, operational, and regulatory requirements • Reimage, rebuild, and reconfigure endpoints, servers, and affected services such as Active Directory, Exchange, Group Policy, and VPN • Use systems administration skills to restore and configure computing environments • Troubleshoot network issues and assist in resolving infrastructure-level connectivity or access problems • Contribute to the collection of digital artifacts and forensic evidence, supporting broader incident response • Apply foundational knowledge to investigate and address malware infections, unauthorized access, and system integrity issues • Implement endpoint protection and access control tools under supervision from senior R&R team members • Document all actions taken in a clear, structured format, capturing technical findings, decisions made, and lessons learned • Participate in after-hours (on-call/weekend rotational) support when needed to ensure 24/7 incident response coverage

• Demonstrate a commitment to learning and contribute valuable insights, actively seeking guidance when necessary. • Contribute to client-facing incident response engagements, working with other team members to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct advanced forensic analysis to precisely identify the scope and impact of security incidents, including malware analysis and reverse engineering when necessary. • Lead the forensic investigations on small to medium investigations such as Business Email Compromises and Ransomware engagements. • Provide mentorship and assist less experienced team members by sharing your knowledge and expertise to help others grow in their roles. • Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to guide mitigation and prevention efforts. • Convey complex forensic findings to technical and non-technical stakeholders clearly and understandably. • Provide comprehensive supporting evidence for written reports detailing incident findings, and analysis. • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices. • Engage in research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies. • Contribute to the development of internal processes and support broader organizational initiatives. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.

• Represent Surefire Cyber as a skilled technical forensic and consulting expert for clients across diverse industries during active incident response engagements. • Leverage extensive experience and technical skills to play a pivotal role in detecting and analyzing intrusions, offering clear guidance to clients navigating high-pressure response situations, and providing after-hours support as needed. • Demonstrate genuine curiosity, a commitment to continuous learning, and contribute valuable insights to support the team's knowledge growth. • Forensically lead incident response engagements, working with other team members to guide clients through the entire incident response lifecycle from detection to recovery. • Conduct advanced forensic analysis to identify the scope and impact of security incidents meticulously and precisely, including malware analysis and reverse engineering when necessary. • Independently manage investigations ranging in size and complexity such as Business Email Compromises and Ransomware engagements. • Provide career development for a Forensic team by investing in their professional development conducting regular one-on-one conversations and providing guidance and recommendations on training opportunities. • Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to guide mitigation and prevention efforts. • Convey complex forensic findings to technical and non-technical stakeholders clearly and understandably. • Provide comprehensive supporting evidence for written reports detailing incident findings and analysis. • Review, provide well-thought-out input, and provide guidance to other team members on forensic reports. • Collaborate with internal teams, external partners, and clients to refine and document incident response processes and best practices. • Spearhead research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies. • Contribute to the development of internal processes and support broader organizational initiatives. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.

• This is a full-time remote opportunity, and you will perform a variety of restoration and recovery efforts while working closely with the Director of Restoration, Restoration team members, and the Digital Forensic and Incident Response team. • They will play a critical role in post-incident recovery, working alongside the DFIR team to restore systems and secure infrastructures after cyber incidents. • Through meticulous remediation efforts and application of technical expertise, they’ll help clients regain operational stability and strengthen their defenses against future threats. • Actively share knowledge with team members cultivating a culture of continuous learning, and staying up to date on industry trends, emerging threats, and best practices. • Build strong professional relationships and serve as a trusted advisor during client-facing incident response engagements, contributing your advanced knowledge and expertise to post-incident recovery efforts. • Work closely with the DFIR team to assess and determine the scope and impact of cyber incidents. • Utilize experience with Active Directory, Group Policy Objects, ADSI, Windows Security, replication, Azure Active Directory Connect, and other relevant technologies to restore compromised systems. • Script and automate recovery processes using PowerShell and Windows command line tools. • Leverage experience in hypervisor technologies such as VMware, Hyper-V, Citrix XenServer, and Nutanix Acropolis to restore virtualized environments. • Work with various server hardware platforms including HP, Dell, Nutanix, and Cisco UCS. • Utilize experience with storage vendors such as Dell EMC, NetApp, HP/Nimble, and Pure Storage to recover data and systems. • Implement backup solutions such as Veeam, Backup Exec, Unitrends, and Zerto to ensure data recovery. • Manage desktop operating systems and deployments, including Windows 7/8/10/11. • Oversee enterprise messaging systems, including Exchange and M365. • Handle server-based computing environments, including Citrix and Terminal Services. • Leverage networking knowledge, including core switches, wireless access points, firewalls, and VPN configurations. • Implement two-factor and multi-factor authentication services such as Okta, DUO, Microsoft Authentication, Ping, RSA, and others. • Collaborate with internal teams, external partners, and clients to refine and document all restoration and recovery efforts, maintaining a clear and organized record of actions taken, lessons learned, and best practices. • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.