This client-facing role requires the Principal Consultant to lead and produce deliverables for reactive services engagements. You will work directly with multiple customers and key stakeholders, from technical administrators to the C-Suite, to manage incident response engagements from start to finish and provide expert guidance on long-term security posture remediation.
Key Responsibilities
Manage end-to-end incident response engagements, including scoping work, guiding clients through forensic investigations, containing security incidents, and providing long-term remediation recommendations.
Perform reactive incident response functions, including host-based analysis of Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
Investigate data breaches by leveraging digital forensics tools (e.g., EnCase, FTK, X-Ways, SIFT, Splunk) to determine the root cause of compromises and malicious activity.
Examine firewall, web, database, and other log sources to identify evidence of malicious activity, focusing on the details to ensure a thorough and accurate investigation.
Proactively collaborate with and mentor junior team members, sharing expertise in incident response and forensics best practices to empower others and ensure team alignment.
Effectively communicate complex technical findings and strategic recommendations to both technical and executive-level stakeholders.
Travel as needed to meet client engagement demands, typically averaging 20%.
Key Responsibilities
Manage end-to-end incident response engagements, including scoping work, guiding clients through forensic investigations, containing security incidents, and providing long-term remediation recommendations.
Perform reactive incident response functions, including host-based analysis of Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
Investigate data breaches by leveraging digital forensics tools (e.g., EnCase, FTK, X-Ways, SIFT, Splunk) to determine the root cause of compromises and malicious activity.
Examine firewall, web, database, and other log sources to identify evidence of malicious activity, focusing on the details to ensure a thorough and accurate investigation.
Proactively collaborate with and mentor junior team members, sharing expertise in incident response and forensics best practices to empower others and ensure team alignment.
Effectively communicate complex technical findings and strategic recommendations to both technical and executive-level stakeholders.
Travel as needed to meet client engagement demands, typically averaging 20%.
Requirements:
Bachelor's degree in Cybersecurity, Computer Science, or a related field, or equivalent military/professional experience.
8+ years of experience in incident response or digital forensics consulting.
Demonstrated experience leading complex technical engagements and interfacing directly with clients and stakeholders.
Proficiency in host-based forensics, data breach response, and network traffic analysis.
Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, or similar technologies.
Preferred Qualifications
Master's degree in a relevant technical field.
Strong executive presence with experience presenting complex technical concepts to C-suite stakeholders.
Established external presence through public speaking, conference presentations, or industry publications.
Relevant industry certifications such as GIAC (GCFA, GCFE, GNFA), CISSP, or similar.
Bachelor's degree in Cybersecurity, Computer Science, or a related field, or equivalent military/professional experience.
8+ years of experience in incident response or digital forensics consulting.
Demonstrated experience leading complex technical engagements and interfacing directly with clients and stakeholders.
Proficiency in host-based forensics, data breach response, and network traffic analysis.
Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, SIFT, Splunk, Volatility, or similar technologies.
Preferred Qualifications
Master's degree in a relevant technical field.
Strong executive presence with experience presenting complex technical concepts to C-suite stakeholders.
Established external presence through public speaking, conference presentations, or industry publications.
Relevant industry certifications such as GIAC (GCFA, GCFE, GNFA), CISSP, or similar.
This position is open to all candidates.
