Back to jobs
New

Principal Consultant, Restoration

Elkridge, Maryland, United States

About Surefire Cyber

Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats. Our client-centric approach reduces stress and provides clients the confidence needed to prepare, respond, and recover from cyber incidents – and fortify their cyber resilience after an event.

Surefire Cyber’s approach and delivery are designed by industry veterans who have worked shoulder-to­shoulder with law firms, insurance carriers, brokers, law enforcement, and impacted organizations in responding to cyber incidents. We are marshaling this experience to address the industry’s persistent challenges of efficiency, predictability, and transparency

Job Title: Principal, Restoration and Remediation 

Location: Remote (USA) 

Role: Full time 

Compensation:

 

What Makes You Stand Out 

You are a senior technical leader in cybersecurity and incident response, known for restoring order and confidence during high-severity events. You’ve led the full lifecycle of post-incident recovery efforts, from strategic planning and stakeholder advising, to hands-on systems restoration and network reconfiguration. 

You bring not only deep technical skills across enterprise IT infrastructure but also the confidence and clarity to lead clients, coach teammates, and evolve internal capabilities. You thrive in high-pressure environments, take initiative, and are passionate about growing the next generation of cyber responders. 

How You’ll Make An Impact 

As a Principal Consultant on the Restoration and Remediation team, you’ll lead Surefire Cyber’s most complex and sensitive post-incident recovery engagements. You’ll advise clients on restoration strategy, coordinate with cross-functional teams, and oversee technical execution across diverse environments. 

You’ll also play a key role in maturing Surefire Cyber’s internal R&R capabilities; mentoring consultants, improving playbooks and tooling, and shaping how we scale recovery operations. 

Your Role In Action 

  • Lead end-to-end recovery operations for complex cyber incidents, including ransomware outbreaks, large-scale breaches, and targeted compromises 
  • Architect and manage technical remediation plans across hybrid infrastructure (on-prem, cloud, and SaaS), including user recovery, server rebuilds, reconfiguration, and hardening 
  • Oversee restoration of identity services (Active Directory, Azure AD), messaging systems (Exchange, M365), VPNs, firewalls, MFA, and enterprise backup solutions 
  • Advise client executives (CIOs, CISOs, legal, insurers) on remediation strategy, recovery timelines, and long-term resilience improvements 
  • Coordinate recovery workstreams across DFIR, IT, legal, and insurance stakeholders, ensuring alignment and technical integrity 
  • Act as technical escalation point during recovery engagements, solving roadblocks with precision and speed 
  • Mentor senior and junior consultants on real-time client work and long-term development, including technical coaching, feedback, and project guidance 
  • Document and review client-facing technical reports, timelines, and lessons learned to ensure completeness and clarity 
  • Contribute to the evolution of Surefire Cyber’s recovery methodologies, including internal tooling, knowledge bases, and training paths 
  • Lead or support proactive services including tabletop exercises, remediation readiness assessments, and executive advisory engagements 
  • Participate in after-hours response rotations during major incident events (on-call availability expected) 

 

Your Expertise 

  • 10+ years of professional experience in cybersecurity, incident response, systems/network administration, or IT infrastructure engineering 
  • Proven leadership in guiding enterprise-scale recovery efforts during cyber incidents, ideally in a client-facing or consulting capacity 
  • Deep hands-on experience with Active Directory, Azure AD, M365, Exchange, Group Policy, virtualization platforms (VMware, Hyper-V, Citrix), and backup tools (e.g., Veeam, Zerto, Unitrends) 
  • Expert understanding of infrastructure reconfiguration, network segmentation, identity access recovery, and endpoint security post-compromise 
  • Ability to architect and execute remediation plans in coordination with DFIR, SOC, and cloud teams 
  • Comfortable advising senior business and legal stakeholders during high-pressure engagements 
  • Strong written and verbal communication skills, including experience preparing and presenting executive-level remediation updates 
  • Demonstrated experience mentoring and growing technical talent within a team 
  • Familiarity with attacker TTPs, threat actor behaviors, and their implications for recovery sequencing and infrastructure redesign 
  • Demonstrated expertise in cybersecurity, systems engineering, or incident response, whether gained through professional experience, certifications, or equivalent technical training. 
  • Advanced certifications (e.g., CISSP, GCFA, MCSE, OSCP) are strongly preferred. 

 

Expertise in all these areas is not required, but you should be excited by the opportunity to learn new things and comfortable with working with other team members to expand your knowledge base and experience. We at Surefire Cyber invite you to apply even if you do not feel you have mastery in all the requirements listed on the job description and welcome a further discussion.    

Interview Process  

  • Submit interest and application on our website   
  • Preliminary phone interview with the Talent & People Team (approx., 30 minutes)  
  • Virtual technical interview with the Restoration Team (approx., 45 minutes)  
  • Virtual interview with our Director of Restoration (approx., 45 minutes)  
  • Take Home Assessment
  • Virtual interview with Chief Delivery Officer (approx., 30 minutes)  
  • Virtual interview with CEO (Chief Executive Officer) (approx., 30 minutes)   

Benefits of Joining Surefire Cyber

  • Competitive compensation plan and total rewards package for team members
  • Remote workforce
  • Generous paid time off plan and floating holidays
  • Paid parental leave
  • Employer paid premiums for both team members and their dependents for medical, dental, and vision
  • Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
  • Professional development and career advancement opportunities
  • We prioritize employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.

Surefire Cyber is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex, or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, genetic information, or any other characteristic protected by applicable federal, state or local laws and ordinances.

Create a Job Alert

Interested in building your career at Surefire Cyber? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Surefire Cyber’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.