From Response to Resilience.
Principal Consultant, Restoration and Remediation
Location
United States
Posted
243 days ago
Salary
0
Seniority
Lead
Job Description
Principal Consultant, Restoration and Remediation
Surefire Cyber Inc.
• Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises • Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening • Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions • Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements • Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity • Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed • Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance • Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity • Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths • Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements • Participate in after-hours response rotations during major incident events (on-call availability expected)
Job Requirements
- 10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering
- Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity
- Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends)
- Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise
- Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams
- Comfortable advising senior business and legal stakeholders during high-pressure engagements
- Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates
- Demonstrated experience mentoring and growing technical talent within a team
- Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign
- Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training.
- Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred.
Benefits
- Competitive compensation plan and total rewards package for team members
- Remote workforce
- Generous paid time off plan and floating holidays
- Paid parental leave
- Employer paid premiums for both team members and their dependents for medical, dental, and vision
- Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
- Professional development and career advancement opportunities
- We prioritize employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.
