Cybersecurity Consultant

at  Cypfer

CYPFER is a leading first-responder cybersecurity organization enabling clients to swiftly and effectively return to business following a cyber-attack. As a global market leader in ransomware post-breach remediation and cyber-attack first response, we consistently deliver results that exceed market standards for handling cyber-extortion and ransomware events. Our team collaborates with prominent global insurance carriers, leading law firms, and Fortune 1000 businesses.

TECHNICAL REQUIREMENTS:

• 2+ years of experience in technical support, system administration, or a similar role.
• Working knowledge of OSI Model, TCP/IP protocol suite (IP, ARP, ICMP, TCP, UDP, SMTP, FTP, TFTP).
• Build and manage Windows Server, including creating Domain Controllers, troubleshooting DNS, DHCP, GPO, FSMO, and NTP services, managing File and Print Servers, installing PKI Certificate Servers and LAPS.
• Possess basic understanding of MS Exchange and MS SQL operations.
• Install Linux operating systems and have a understanding of Linux networking.
• Install and manage virtualization environments, including vSphere, MS Hyper-V, and Nutanix.
• Ability to set up VLANs effectively in a networking environment.
• Have a basic understanding of the operations of next generation firewalls.
• Understand and manage storage technologies such as RAID, NAS, SAN, Fiber Channel, iSCSI, and NFS.
• Working knowledge and experience with backup and restore solutions.

PREFERRED SKILLS:

• Proactive risk assessment and troubleshooting abilities.
• Knowledge and understanding of DFIR, threat hunting, and cybersecurity principles.
• Knowledge of EDR/XDR products.
• Experience in supporting hybrid and cloud environments - Azure, AWS, etc.
• Linux and Apple OS X troubleshooting experience.
• Industry certifications such as MCP, Network+, Security+, CCNA, or similar are a plus.

CORE RESPONSIBILITIES:

• Engage on behalf of CYPFER in cybersecurity incident recovery tasks, interacting with various insurance partners, legal counsel, incident response units, client executives, and technical teams.
• Utilize standard tools and methodologies to collect forensic artifacts and images from affected systems.
• Perform basic triage of system configurations and forensic artifacts to assess compromise and support forensic team.
• Decrypt, verify, and validate encrypted data.
• Restore, recover, troubleshoot, and rebuild physical and virtual (i.e. VMWare ESX, Nutanix, HyperV) Windows & Linux servers impacted by ransomware or other cybersecurity incidents.
• Create and deploy golden images using Acronis or similar solutions.
• Deploy and manage EDR/XDR products, including SentinelOne, Crowdstrike, and Cortex.
• Collaborate and communicate with team members to ensure the highest quality of service.
• Occasionally lead small engagements, primarily serves as a member of a larger team.
• Basic firewall administration: ability to review logs, create/edit policies on NGFWs.
• Participate in a rotating on-call schedule; ability to work on weekends and outside normal business hours as needed.
• This role is remote but requires the ability to travel on short notice to a client site, up to 50%. Must maintain flexibility to travel frequently within 24-48 hours’ notice, for deployments typically 1-2 weeks in duration.

BUSINESS RESPONSIBILITIES:

• Maintain current knowledge of information security, technical infrastructure, recovery techniques, emerging threats, and tools.
• Work closely with PMO & leadership to ensure workflows and recovery efforts are aligned with strategic objectives and consistent with project scope.
• Work independently and produce high-quality deliverables with minimal supervision.
• Exhibit strong customer service and consulting skills.
• Adhere to client and internal policies, procedures, and security practices.
• Maintain detailed notes and draft updates and reports as required.
• Remain calm, composed, and articulate in tough customer situations.
• Exhibit excellent relationship management and communication skills.