Benefits
What Makes You Stand Out

How You'll Make An Impact

You'll also play a key role in maturing Surefire Cyber's internal R&R capabilities; mentoring consultants, improving playbooks and tooling, and shaping how we scale recovery operations.

Your Role In Action

- Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises
- Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening
- Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions
- Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements
- Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity
- Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed
- Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance
- Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity
- Contribute to the evolution of Surefire Cyber's recovery methodologies, including internal tooling, knowledge bases, and training paths
- Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements
- Participate in after-hours response rotations during major incident events (on-call availability expected)

Your Expertise

- 10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering
- Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity
- Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends)
- Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise
- Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams
- Comfortable advising senior business and legal stakeholders during high-pressure engagements
- Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates
- Demonstrated experience mentoring and growing technical talent within a team
- Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign
- Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training.
- Advanced certifications (e.g., CISSP, G

Remote work options
Additional Information
About Surefire Cyber
Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats. Our client-centric approach reduces stress and provides clients the confidence needed to prepare, respond, and recover from cyber incidents - and fortify their cyber resilience after an event.
Surefire Cyber's approach and delivery are designed by industry veterans who have worked shoulder-to-shoulder with law firms, insurance carriers, brokers, law enforcement, and impacted organizations in responding to cyber incidents. We are marshaling this experience to address the industry's persistent challenges of efficiency, predictability, and transparency.
Job Title: Principal, Restoration and Remediation
Location: Remote (USA)
Role: Full time