Blank Page

Business Resumption Engagement MANAGER


As a member of CFC Response/Solis Security team, you will provide assistance in the forms of advice, coordination, communication, facilitation and technical intervention during a cyber incident. You will be part of a team comprised of business resumption engineers, incident response managers, digital forensics investigators and security personnel with the objective of recovering the victimized organization (“client”), ensuring the environment is safe and secure
and performing the forensics analysis required by the to collect digital artifacts, restore systems, reconfigure domain controllers and firewalls, troubleshoot network issues, and provide any other IT related tasks necessary to restore the client’s business operations.

Candidates for this role exhibit calmness under pressure, have excellent communication skills, the ability to de-escalate tense situations, abilities to work with different personalities and possess a strong desire to help individuals in need. Ability to do some travel may be required in situations that demand it, though these situations are minimal.

Specific Role Description

The BR Engagement Manager will respond and triage incident response engagements to determine the level of response that is required to stabilize the environment, initiate a plan for network restoration and/or recovery, as well as the collection of forensics data. The information collected will also serve as a vital input to the creation of statements of work.


The BR Engagement Manager works with a team of experts with diverse skillsets including blue team, red team, forensics, application development and ones with advanced technical skillsets in networking, servers, cloud and more. The BR Engagement Manager is specifically tasked to manage all aspects of an Incident Response engagement that may include:

  • Supervising Business Resumption (“BR”) team members assigned to an incident.
  • Ensuring such efforts as validation, monitoring, containment, log analysis, system
    forensic analysis and reporting.
  • Building and maintaining the relationship with the client, client’s counsel and other third parties involved and to ensure the engagements objectives and expectations are met and executed successfully as documented in the statements of work.
  • Supporting and providing direction to a team of security professionals that are responsible for such activities as monitoring, assessing, and reporting.
  • Ensuring the needs of the Forensics team has the information and evidential artifacts required to perform their work.
  • Leveraging strong verbal and written communication skills to ensure all parties involved in an incident situation receive timely and accurate information.
  • Sourcing and coordination of third parties to assist in the incident.
  • Monitoring the situation for changes in the client’s expectations.
  • Fielding questions from the client relating to the case that may require responses from others such as adjusters, attorneys, public relations professionals, and others.
  • Assisting the Client with inquiries from third parties related to the Client.
  • Ensuring software tools are deployed completely and in a timely situation, as well as ensuring those tools are removed in a timely fashion.
  • Coordination with the SOC to ensure the SOC is properly advised of the situation and there is clarity of expectations and responsibilities between the BR and SOC teams.
  • Responding to events as the demand requires regardless of the day, time of day, etc.
  • Ability to collect and verify technical information relating to a client’s computing environment.
  • Ability to oversee and coordinate a team ranging from 1-10 BR professionals.
  • Ability to ensure that meetings are properly scheduled and conducted.
  • Ability to facilitate productive conversations amongst the parties involved in an incident situation.
  • Ability to negotiate with unknown third parties towards a successful outcome in a cyber extortion situation, when needed.
  • Ability to ensure that extortion payments are made with compliance with company policies, insurance policies, regulations, laws and other legal advice. Additionally, these payments are made following the processes and procedures set forth by CFC Response/Solis Security.
  • Ability to provide complete, concise and accurate information to the relevant parties.
  • Ability to communicate effectively verbally and in written form, including ensuring the right information goes to the right parties.
  • An understanding of the legal process that is required for an incident situation.
  • Ability to work with law enforcement properly and effectively, as well as maintain a positive and productive relationship with law enforcement agencies.
  • Ability to learn and modify process, actions and behaviors as situations change and as the incident climate changes.
  • Ability to make own travel arrangements if the travel is required.
  • Ability to travel to locations serviced by CFC Response/ Solis Security.
  • Ability to keep track of hours, costs and other relevant information required of an incident.
  • Ability to properly record time, document incident details and report on status.
  • Ability to learn and operate the software applications and tools used by CFCResponse/Solis Security.
  • Experience and ability to effectively leverage Office productivity applications.
  • Experience and ability to effectively leverage communication tools such as Microsoft Teams, Slack, Zoom.
  • Experience and ability to leverage public communication applications such as WhatsApp, Signal, Telegram.
  • Ability to properly collect and handle suspicious and malicious files.
  • Ability to comprehend and follow verbal and written instructions from others.
  • Ability to receive and process feedback, whether positive, neutral or negative, as well as take action.
  • Ability to access, operate and act with security administration consoles such as Carbon
    Black, Sentinel One, Sophos and more.
  • Working knowledge of major software/hardware/cloud platforms from vendors such as Microsoft, Cisco, Amazon, Fortinet, Sophos, SonicWall and Google Cloud Platform.
  • Ability to know when to slow down efforts to ensure mistakes are not made.
  • Ability to attend, learn, retain, and act upon education received from training and other forms of learning.

Additional Professional Attributes

  • Detail-oriented and a zeal for accuracy
  • Professional appearance
  • Positive attitude
    Friendly and extroverted personality
  • Excellent verbal and written communication skills
  • Passion to deliver a high level of customer service
  • Eagerness to participate in a highly collaborative and highly energized team environment
  • Must have reliable transportation and a valid driver’s license
  • Desire to write code and able to write scripts is a bonus


  • Competitive salary
  • Medical benefits that include dental and vision plans
  • 401(k) with match
  • Tuition reimbursement program
  • Referral bonus program
  • Be part of a dynamic growing company that offers a meaningful and fun work environment