Principal Consultant, Restoration
About Surefire Cyber
Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats. Our client-centric approach reduces stress and provides clients the confidence needed to prepare, respond, and recover from cyber incidents – and fortify their cyber resilience after an event.
Surefire Cyber’s approach and delivery are designed by industry veterans who have worked shoulder-toshoulder with law firms, insurance carriers, brokers, law enforcement, and impacted organizations in responding to cyber incidents. We are marshaling this experience to address the industry’s persistent challenges of efficiency, predictability, and transparency
Job Title: Principal, Restoration and Remediation
Location: Remote (USA)
Role: Full time
Compensation:
What Makes You Stand Out
You are a senior technical leader in cybersecurity and incident response, known for restoring order and confidence during high-severity events. You’ve led the full lifecycle of post-incident recovery efforts, from strategic planning and stakeholder advising, to hands-on systems restoration and network reconfiguration.
You bring not only deep technical skills across enterprise IT infrastructure but also the confidence and clarity to lead clients, coach teammates, and evolve internal capabilities. You thrive in high-pressure environments, take initiative, and are passionate about growing the next generation of cyber responders.
How You’ll Make An Impact
As a Principal Consultant on the Restoration and Remediation team, you’ll lead Surefire Cyber’s most complex and sensitive post-incident recovery engagements. You’ll advise clients on restoration strategy, coordinate with cross-functional teams, and oversee technical execution across diverse environments.
You’ll also play a key role in maturing Surefire Cyber’s internal R&R capabilities; mentoring consultants, improving playbooks and tooling, and shaping how we scale recovery operations.
Your Role In Action
- Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises
- Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening
- Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions
- Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements
- Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity
- Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed
- Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance
- Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity
- Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths
- Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements
- Participate in after-hours response rotations during major incident events (on-call availability expected)
Your Expertise
- 10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering
- Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity
- Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends)
- Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise
- Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams
- Comfortable advising senior business and legal stakeholders during high-pressure engagements
- Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates
- Demonstrated experience mentoring and growing technical talent within a team
- Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign
- Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training.
- Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred.
Expertise in all these areas is not required, but you should be excited by the opportunity to learn new things and comfortable with working with other team members to expand your knowledge base and experience. We at Surefire Cyber invite you to apply even if you do not feel you have mastery in all the requirements listed on the job description and welcome a further discussion.
Interview Process
- Submit interest and application on our website
- Preliminary phone interview with the Talent & People Team (approx., 30 minutes)
- Virtual technical interview with the Restoration Team (approx., 45 minutes)
- Virtual interview with our Director of Restoration (approx., 45 minutes)
- Take Home Assessment
- Virtual interview with Chief Delivery Officer (approx., 30 minutes)
- Virtual interview with CEO (Chief Executive Officer) (approx., 30 minutes)
Create a Job Alert
Interested in building your career at Surefire Cyber? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field