[Hiring] Principal Consultant, Restoration and Remediation @Surefire Cyber

Role Description

As a Principal Consultant on the Restoration and Remediation team, you’ll lead Surefire Cyber’s most complex and sensitive post-incident recovery engagements.

• Advise clients on restoration strategy, coordinate with cross-functional teams, and oversee technical execution across diverse environments.
• Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises.
• Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening.
• Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions.
• Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements.
• Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity.
• Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed.
• Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance.
• Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity.
• Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths.
• Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements.
• Participate in after-hours response rotations during major incident events (on-call availability expected).

Qualifications

• 10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering.
• Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity.
• Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends).
• Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise.
• Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams.
• Comfortable advising senior business and legal stakeholders during high-pressure engagements.
• Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates.
• Demonstrated experience mentoring and growing technical talent within a team.
• Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign.
• Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training.
• Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred.

Requirements

• Excited by the opportunity to learn new things and comfortable with working with other team members to expand your knowledge base and experience.

Benefits

• Competitive compensation plan and total rewards package for team members.
• Remote workforce.
• Generous paid time off plan and floating holidays.
• Paid parental leave.
• Employer paid premiums for both team members and their dependents for medical, dental, and vision.
• Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
• Professional development and career advancement opportunities.
• Prioritization of employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.

Interview Process

• Submit interest and application on our website.
• Preliminary phone interview with the Talent & People Team (approx., 30 minutes).
• Virtual technical interview with the Restoration Team (approx., 45 minutes).
• Virtual interview with our Director of Restoration (approx., 45 minutes).
• Take Home Assessment.
• Virtual interview with Chief Delivery Officer (approx., 30 minutes).
• Virtual interview with CEO (Chief Executive Officer) (approx., 30 minutes).