Blank Page

INCIDENT RESPONSE ENGAGEMENT MANAGER

 

As a member of CFC Response/Solis Security team, you will provide assistance in the forms of advice, coordination, communication, facilitation and technical intervention during a cyber incident. You will be part of a team comprised of business resumption engineers, incident response managers, digital forensics investigators and security personnel with the objective of recovering the victimized organization (“client”), ensuring the environment is safe and secure and performing the forensics analysis required by the to collect digital artifacts, restore systems, reconfigure domain controllers and firewalls, troubleshoot network issues, and provide any other IT related tasks necessary to restore the client’s business operations. Candidates for this role exhibit calmness under pressure, have excellent communication skills, the ability to de-escalate tense situations, abilities to work with different personalities and possess a strong desire to help individuals in need. Ability to do some travel may be required in situations that demand it, though these situations are minimal.

Specific Role Description

The IR Engagement Manager will respond and triage incident response engagements to determine the level of response that is required to stabilize the environment, initiate a plan for network restoration and/or recovery, as well as the collection of forensics data. The information collected will also serve as a vital input to the creation of statements of work.

Responsibilities

The IR Engagement Manager works with a team of experts with diverse skillsets including blue team, red team, forensics, application development and ones with advanced technical skillsets in networking, servers, cloud and more. The IR Engagement Manager is specifically tasked to manage all aspects of an Incident Response engagement that may include:

  • Supervising Business Resumption (“BR”) team members assigned to an incident.
  • Ensuring such efforts as validation, monitoring, containment, log analysis, system forensic analysis and reporting.
  • Building and maintaining the relationship with the client, client’s counsel and other third parties involved and to ensure the engagements objectives and expectations are met and executed successfully as documented in the statements of work.
  • Supporting and providing direction to a team of security professionals that are responsible for such activities as monitoring, assessing, and reporting.
  • Ensuring the needs of the Forensics team has the information and evidential artifacts required to perform their work.
  • Leveraging strong verbal and written communication skills to ensure all parties involved in an incident situation receive timely and accurate information.
  • Sourcing and coordination of third parties to assist in the incident.
  • Monitoring the situation for changes in the client’s expectations.
  • Fielding questions from the client relating to the case that may require responses from others such as adjusters, attorneys, public relations professionals, and others.
  • Assisting the Client with inquiries from third parties related to the Client.
  • Ensuring software tools are deployed completely and in a timely situation, as well as ensuring those tools are removed in a timely fashion.
  • Coordination with the SOC to ensure the SOC is properly advised of the situation and there is clarity of expectations and responsibilities between the BR and SOC teams.

Professional Attributes

  • Ability to collect and verify technical information relating to a client’s computing environment.
  • Ability to oversee and coordinate a team ranging from 1-10 BR professionals.
  • Ability to ensure that meetings are properly scheduled and conducted.
  • Ability to facilitate productive conversations amongst the parties involved in an incident situation.
  • Ability to negotiate with unknown third parties towards a successful outcome in a cyber extortion situation, when needed.
  • Ability to ensure that extortion payments are made with compliance with company policies, insurance policies, regulations, laws and other legal advice. Additionally, these payments are made following the processes and procedures set forth by CFC Response/Solis Security.
  • Ability to provide complete, concise and accurate information to the relevant parties.
  • Ability to communicate effectively verbally and in written form, including ensuring the right information goes to the right parties.
  • An understanding of the legal process that is required for an incident situation.
  • Ability to work with law enforcement properly and effectively, as well as maintain a positive and productive relationship with law enforcement agencies.
  • Ability to learn and modify process, actions and behaviors as situations change and as the incident climate changes.
  • Ability to make own travel arrangements if the travel is required.
  • Ability to travel to locations serviced by CFC Response/ Solis Security.
  • Ability to keep track of hours, costs and other relevant information required of an incident.
  • Ability to properly record time, document incident details and report on status.

Benefits

  • Competitive salary
  • Medical benefits that include dental and vision plans
  • 401(k) with match
  • Tuition reimbursement program
  • Referral bonus program
  • Be part of a dynamic growing company that offers a meaningful and fun work environment