CYPFER is a leading first-responder cybersecurity organization enabling clients to swiftly and effectively return to business following a cyber-attack. As a global market leader in ransomware post-breach remediation and cyber-attack first response, we consistently deliver results that exceed market standards for handling cyber-extortion and ransomware events. Our team collaborates with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses.
Location:
- We would prefer candidates to be located in one of the following:
- Philadelphia, PA
- Houston, TX
Core Responsibilities:
- Engage on behalf of CYPFER in cybersecurity incident recovery tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams.
- Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems.
- Perform basic triage of system configurations and forensic artifacts to assess compromise and support forensic team.
- Decrypt, verify, and validate encrypted data.
- Restore, recover, troubleshoot, and rebuild physical and virtual (i.e. VMWare ESX, Nutanix, HyperV) Windows & Linux servers impacted by ransomware or other cybersecurity incidents.
- Create and deploy golden images using Acronis or similar solutions.
- Deploy and manage EDR/XDR products, including SentinelOne, Crowdstrike, and Cortex.
- Collaborate and communicate with team members to ensure the highest quality of service.
- Occasionally lead small engagements, primarily serves as a member of a larger team.
- Basic firewall administration: ability to review logs, create/edit policies on NGFWs.
- Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed.
- This role is remote but requires the ability to travel on short notice to a client site, up to 50%. Must maintain flexibility to travel frequently within 24-48 hours' notice, for deployments typically 1-2 weeks in duration.
Technical Requirements:
- 2+ years of experience in technical support, system administration, or a similar role.
- Working knowledge of OSI Model, TCP/IP protocol suite (IP, ARP, ICMP, TCP, UDP, SMTP, FTP, TFTP).
- Build and manage Windows Server, including creating Domain Controllers, troubleshooting DNS, DHCP, GPO, FSMO, and NTP services, managing File and Print Servers, installing PKI Certificate Servers and LAPS.
- Possess basic understanding of MS Exchange and MS SQL operations.
- Install Linux operating systems and have a understanding of Linux networking.
- Install and manage virtualization environments, including vSphere, MS Hyper-V, and Nutanix.
- Ability to set up VLANs effectively in a networking environment.
- Have a basic understanding of the operations of next generation firewalls.
- Understand and manage storage technologies such as RAID, NAS, SAN, Fiber Channel, iSCSI, and NFS.
- Working knowledge and experience with backup and restore solutions.
Business Responsibilities:
- Maintain current knowledge of information security, technical infrastructure, recovery techniques, emerging threats, and tools.
- Work closely with PMO & leadership to ensure workflows and recovery efforts are aligned with strategic objectives and consistent with project scope.
- Work independently and produce high-quality deliverables with minimal supervision.
- Exhibit strong customer service and consulting skills.
- Adhere to client and internal policies, procedures, and security practices.
- Maintain detailed notes and draft updates and reports as required.
- Remain calm, composed, and articulate in tough customer situations.
- Exhibit excellent relationship management and communication skills.
Preferred Skills:
- Proactive risk assessment and troubleshooting abilities.
- Knowledge and understanding of DFIR, threat hunting, and cybersecurity principles.
- Knowledge of EDR/XDR products.
- Experience in supporting hybrid and cloud environments - Azure, AWS, etc.
- Linux and Apple OS X troubleshooting experience.
- Industry certifications such as MCP, Network+, Security+, CCNA, or similar are a plus.
Compensation:
- Compensation package includes base salary and multiple bonus opportunities.
Cypfer is an equal opportunity employer. If you need accommodation during the interview process or beyond, please let us know. We celebrate our inclusive work environment and welcome applicants from all backgrounds and perspectives.
We thank you for your interest in joining the Cypfer team! While we welcome all applicants, only those selected for an interview will be contacted.