Surefire Cyber Inc. · 1 day ago
Principal Consultant, Restoration and Remediation
Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents. As a Principal Consultant on the Restoration and Remediation team, you'll lead complex post-incident recovery engagements, advising clients on restoration strategies and overseeing technical execution across diverse environments.
Computer, Cyber Security, Network Security
Responsibilities
Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises
Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening
Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions
Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements
Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity
Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed
Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance
Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity
Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths
Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements
Participate in after-hours response rotations during major incident events (on-call availability expected)
Qualifications
Required
10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering
Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity
Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends)
Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise
Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams
Comfortable advising senior business and legal stakeholders during high-pressure engagements
Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates
Demonstrated experience mentoring and growing technical talent within a team
Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign
Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training
Preferred
Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred
Benefits
Competitive compensation plan and total rewards package for team members
Remote workforce
Generous paid time off plan and floating holidays
Paid parental leave
Employer paid premiums for both team members and their dependents for medical, dental, and vision
Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
Professional development and career advancement opportunities
We prioritize employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.
Company
Surefire Cyber Inc.
Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.
Funding
Current Stage: Early Stage
Total Funding: $10M
Key Investors: Forgepoint Capital
2022-05-31: Series A · $10M
Company data provided by Crunchbase