CYPFER is a leading first-responder cybersecurity organization enabling clients to swiftly and effectively return to business following a cyber-attack. As a global market leader in ransomware post-breach remediation and cyber-attack first response, we consistently deliver results that exceed market standards for handling cyber-extortion and ransomware events. Our team collaborates with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses.
Location:
- We would prefer candidates to be located in one of the following:
Core Responsibilities:
- Engage on behalf of CYPFER in cybersecurity incident recovery tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams.
- Utilize advanced tools and methodologies to collect and analyze forensic artifacts and images from affected systems.
- Perform in-depth triage of system configurations and forensic artifacts to assess compromise and support forensic teams.
- Decrypt, verify, and validate encrypted data.
- Restore, recover, troubleshoot, and rebuild physical and virtual (i.e., VMWare ESX, Nutanix, HyperV) Windows & Linux servers impacted by ransomware or other cybersecurity incidents.
- Design and deploy golden images using Acronis or similar solutions.
- Deploy, manage, and tune EDR/XDR products including SentinelOne, Crowdstrike, and Cortex.
- Collaborate and communicate with team members to ensure the highest quality of service.
- Frequently lead small engagements and consistently provide leadership as a senior member of larger teams.
- Advanced NGFW firewall administration: ability to review logs and create/edit granular policies and troubleshoot connectivity issues.
- Draft clear, concise reports with minimal assistance.
- Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed.
- This role is remote but requires the ability to travel on short notice to a client site up to 50%. Must maintain flexibility to travel frequently within 24-48 hours' notice for deployments typically 1-2 weeks in duration.
Technical Requirements:
- 5+ years of experience in technical support, system administration, or a similar role.
- In-depth knowledge of the OSI Model, TCP/IP protocol suite (IP, ARP, ICMP, TCP, UDP, SMTP, FTP, TFTP).
- Design, install, troubleshoot, and harden Windows Servers, including creating Domain Controllers, troubleshooting DNS, DHCP, GPO, FSMO, and NTP services, managing File and Print Servers, and installing PKI Certificate Servers and LAPS.
- Ability to troubleshoot and recover MS Exchange and MS SQL servers.
- Install and configure Linux operating systems with a solid understanding of Linux networking.
- Install and manage virtualization environments, including vSphere, MS Hyper-V, and Nutanix.
- Expertise in setting up VLANs effectively in a networking environment.
- In-depth understanding and experience configuring next-generation firewalls.
- Expertise in storage technologies such as RAID, NAS, SAN, Fiber Channel, iSCSI, and NFS.
- Advanced working knowledge and experience with enterprise backup and restore solutions.
Business Responsibilities:
- Maintain current knowledge of information security, technical infrastructure recovery techniques, emerging threats, and tools.
- Work closely with PMO & leadership to ensure workflows and recovery efforts are aligned with strategic objectives and consistent with project scope.
- Work independently and produce high-quality deliverables with minimal supervision.
- Exhibit strong customer service and consulting skills.
- Mentoring and training of junior consultants.
- Adhere to client and internal policies, procedures, and security practices.
- Maintain detailed notes and draft updates and reports as required.
- Remain calm, composed, and articulate in tough customer situations.
- Exhibit excellent relationship management and communication skills.
Preferred Skills:
- Proactive risk assessment and troubleshooting abilities.
- Knowledge and understanding of DFIR, threat hunting, and cybersecurity principles.
- Extensive knowledge of EDR/XDR products.
- Experience in supporting hybrid and cloud environments - Azure, AWS, etc.
- Linux and Apple OS X troubleshooting experience.
- Industry certifications such as MCP, Network+, Security+, CCNP, or similar are a plus.
Compensation:
- Compensation package includes a base salary and multiple bonus opportunities.
CYPFER is an equal opportunity employer. If you need accommodation during the interview process or beyond, please let us know. We celebrate our inclusive work environment and welcome applicants from all backgrounds and perspectives.
We thank you for your interest in joining the CYPFER team! While we welcome all applicants, only those selected for an interview will be contacted.