Job Details

Incident Response Consultant (CONSULTANCY)

ANYWHERE, United States
  • Employment Type: Direct Hire
Our client, an award-winning IT and cybersecurity consultancy firm, is looking for a Senior Incident Response Consultant to join their Cyber Risk Services Division. The successful candidate will play an integral role in growing and shaping the direction of the cyber risk division by exploring innovative approaches and technologies for detecting, responding to, and recovering from incidents. The Consultant must have experience and knowledge of incident response leading practices and frameworks (e.g., NIST SP 800-61, SANS, MITRE ATT&CK) to assist in the assessment and development of incident response capabilities across all phases of the incident lifecycle (preparation through eradication). Candidates with two or more industry certifications such as CISSP, GCIH, GCFA, GCDA, CHFI, GNFA, EnCE, MCFE are strongly preferred. This is a fully remote role with travel of up to 50% once COVID-19 travel restrictions are lifted. Send resumes to [email protected].

Position Description:
  • Leverages your experience and knowledge of incident response leading practices and frameworks (e.g., NIST SP 800-61, SANS, MITRE ATT&CK) to assist in the assessment and development of incident response capabilities across all phases of the incident lifecycle (preparation through eradication)
  • Builds presentations and other materials for client presentations and workshops, and supports their delivery
  • Identifies and recommends technologies to support client incident response processes, and works with technology partners to facilitate their implementation
  • Develops and refines incident response policies, standards, plans, playbooks, and standard operating procedures based on client needs
  • Supports the testing of incident response capabilities through tabletop exercises and other simulations
  • Works with our delivery partners to conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.; creates detailed and insightful incident reports; and assists in identifying and remediating gaps
  • Provides guidance and advice regarding cyber incidents, forensics, and incident response
  • Monitors and reports on progress in completing projects and deliverables
Duties:
  • Maintains awareness and understanding of evolving threats and intrusion trends to provide subject matter expertise and insight to clients about industry attack trends and defenses
  • Maintains awareness of technologies that support the incident response process, and the relative strengths and weaknesses of those technologies
  • Identifies and attends training to keep skills up to date
  • Creates methods and frameworks to support sales of our professional services
  • Builds presales materials such as proposals and statements of work
  • Supports pre and post sales meetings and presentations with our clients
  • Consistently delivers engagements against established schedules and budgets, coordinating with our team and delivery partners
  • Helps to build eminence materials and support their publication and delivery
  • Identifies opportunities to improve our internal processes and recommends changes
  • Mentors and motivates team members to provide outstanding client service
  • Helps define and bring to market new offerings and capabilities
  • Understands the scope of services provided by our cyber risk division and identifies opportunities within our client base to deliver more services
Minimum Qualifications:
  • Bachelor’s degree in cybersecurity or other related discipline and significant cybersecurity experience
  • Some experience in two or more of the following: incident response and handling, computer/network forensics, data/network analysis, malware analysis, intrusion analysis and prevention, security operations
  • Experience with computer/network forensics tools (e.g., EnCase, Magnet, Wireshark)
  • Experience with SIEM/Log Management tools (e.g., Splunk, Sumo Logic, Exabeam, Elastic, Sentinel)
  • Experience with one or more Infrastructure-as-a-Service (“IaaS”), Platform-as-a-Service (“PaaS”), or Software-as-a-Service (“SaaS”) providers such as Microsoft and Amazon Web Services
  • One or more industry certifications: CISSP, GCIH, GCFA, GCDA, CHFI, GNFA, etc.
  • Willing and able to travel to client locations up to 50%
  • Strong oral and written communication skills
  • Ability to gauge the audience and speak at appropriate levels
  • Ability to put complex concepts in a clear and concise form
  • Delivery of presentations to both small and large groups, in virtual or in-person settings
  • Excellent time management skills
  • Ability to set priorities and meet obligations in a timely manner
  • Background check required
Desired Qualifications:
The following are examples of desired skills; the most competitive candidates will have a combination of these skills but are not required to have all of them.
  • Master’s degree in cybersecurity or other related discipline
  • Significant cybersecurity experience as a consultant
  • Deep understanding of network defense principles, common attack vectors, incident response methodologies, log analysis, and attacker techniques
  • Expert knowledge of incident response guidance and tools such as NIST 800-61 or SANS Incident Response Process
  • Experience with using MITRE ATT&CK, particularly in the context of Incident Response
  • Experience with enterprise security products such as Endpoint Detection and Response (“EDR”), network intrusion detection/prevention systems (“NIPS” or “NIDS”), and Security Orchestration, Automation, and Response (“SOAR”) products
  • Experience performing Incident Response services over cloud services (IaaS, PaaS, SaaS)
  • Experience with security services of major cloud providers
  • Ability to deliver multiple projects at a time
  • Scripting skills such as: PowerShell, Python, Node.js, JavaScript, Bash, Ruby, Perl
  • Two or more industry certifications: CISSP, GCIH, GCFA, GCDA, CHFI, GNFA, etc.
  • One forensics certification: EnCE, MCFE
  • Preference for West Coast-based candidates, especially SoCal
  • This is a client-facing role; the candidate will be required to travel to client locations up to 50% to deliver professional services when needed
