NOW HIRING: Incident Response Engagement Manager

CFC Response/Solis Security is a global cybersecurity, data breach and incident response provider.  CFC Response/Solis Security is powered by a driven team of talented and experienced digital forensic investigators and security professionals that is called upon to help primarily small and mid-sized organizations respond to and recover from cyber-attacks.  CFC Response/Solis Security has been recognized as one of the leading cybersecurity incident response firms in the world.

As a member of the CFC Response/Solis Security team, you will provide assistance in the form of advice, coordination, communication, facilitation and technical intervention during a cyber incident. You will be part of a team composed of business resumption engineers, incident response managers, digital forensics investigators and security personnel with the objective of recovering the victimized organization (“client”), ensuring the environment is safe and secure and performing the forensics analysis required by the to collect digital artifacts, restore systems, reconfigure domain controllers and firewalls, troubleshoot network issues, and provide any other IT related tasks necessary to restore the client’s business operations. Candidates for this role exhibit calmness under pressure, have excellent communication skills, the ability to de-escalate tense situations and to work with different personalities, and possess a strong desire to help individuals in need. Some travel may be required in situations that demand it, though these situations are minimal.

Specific Role Description:

The IR Engagement Manager will respond to and triage incident response engagements to determine the level of response that is required to stabilize the environment, initiate a plan for network restoration and/or recovery, and collect forensics data. The information collected will also serve as a vital input to the creation of statements of work.

Responsibilities:

The IR Engagement Manager works with a team of experts with diverse skillsets including blue team, red team, forensics, application development and ones with advanced technical skillsets in networking, servers, cloud and more. The IR Engagement Manager is specifically tasked to manage all aspects of an Incident Response engagement that may include:   

Supervising Business Resumption (“BR”) team members assigned to an incident.

Ensuring such efforts as validation, monitoring, containment, log analysis, system forensic analysis and reporting.

Building and maintaining the relationship with the client, client’s counsel and other third parties involved, and ensuring the engagement’s objectives and expectations are met and executed successfully as documented in the statements of work.

Supporting and providing direction to a team of security professionals that are responsible for such activities as monitoring, assessing, and reporting.

Ensuring the Forensics team has the information and evidential artifacts required to perform their work.

Leveraging strong verbal and written communication skills to ensure all parties involved in an incident situation receive timely and accurate information.

Sourcing and coordination of third parties to assist in the incident.

Monitoring the situation for changes in the client’s expectations.

Fielding questions from the client relating to the case that may require responses from others such as adjusters, attorneys, public relations professionals, and others.

Assisting the Client with inquiries from third parties related to the Client.

Ensuring software tools are deployed completely and in a timely manner, as well as ensuring those tools are removed in a timely fashion.

Coordination with the SOC to ensure the SOC is properly advised of the situation and there is clarity of expectations and responsibilities between the BR and SOC teams.

Responding to events as the demand requires regardless of the day, time of day, etc. 

Skills:

Ability to collect and verify technical information relating to a client’s computing environment.

Ability to oversee and coordinate a team ranging from 1-10 BR professionals.

Ability to ensure that meetings are properly scheduled and conducted.

Ability to facilitate productive conversations amongst the parties involved in an incident situation.

Ability to negotiate with unknown third parties towards a successful outcome in a cyber extortion situation, when needed.

Ability to ensure that extortion payments are made in compliance with company policies, insurance policies, regulations, laws and other legal advice. Additionally, these payments are made following the processes and procedures set forth by CFC Response/Solis Security.

Ability to provide complete, concise and accurate information to the relevant parties.

Ability to communicate effectively verbally and in written form, including ensuring the right information goes to the right parties.

An understanding of the legal process that is required for an incident situation.

Ability to work with law enforcement properly and effectively, as well as maintain a positive and productive relationship with law enforcement agencies.

Ability to learn and modify process, actions and behaviors as situations change and as the incident climate changes.

Ability to make own travel arrangements if the travel is required.

Ability to travel to locations serviced by CFC Response/Solis Security.

Ability to keep track of hours, costs and other relevant information required of an incident.

Ability to properly record time, document incident details and report on status.

Ability to learn and operate the software applications and tools used by CFC Response/Solis Security.

Experience and ability to effectively leverage Office productivity applications.

Experience and ability to effectively leverage communication tools such as Microsoft Teams, Slack, Zoom.

Experience and ability to leverage public communication applications such as WhatsApp, Signal, Telegram.

Ability to properly collect and handle suspicious and malicious files.

Ability to comprehend and follow verbal and written instructions from others.

Ability to receive and process feedback, whether positive, neutral or negative, as well as take action.

Ability to access, operate and act with security administration consoles such as Carbon Black, Sentinel One, Sophos and more.

Working knowledge of major software/hardware/cloud platforms from vendors such as Microsoft, Cisco, Amazon, Fortinet, Sophos, SonicWall and Google Cloud Platform.

Ability to know when to slow down efforts to ensure mistakes are not made.

Ability to attend, learn, retain, and act upon education received from training and other forms of learning.

Additional Professional Attributes:

Detail-oriented and a zeal for accuracy

Professional appearance

Positive attitude

Friendly and extroverted personality

Excellent verbal and written communication skills

Passion to deliver a high level of customer service

Eagerness to participate in a highly collaborative and highly energized team environment

Must have reliable transportation and a valid driver’s license

Desire to write code and ability to write scripts is a bonus

We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Candidates must possess authorization to work in the United States, as it is not our practice to sponsor individuals for work visas.


 
