SUMMARY The Technical Advisor works with an incident response engagement team to assist the Engagement Lead and manages the restoration tasks to ensure the successful forensic investigation and restoration of clients from network intrusions. The Technical Advisor is the technical engagement leader for the Tiger Team and is accountable for providing deeper technical expertise. This role is responsible for managing technical tasks and resources and staying up to date on best practices and emerging trends of cyber-attacks. This is a hands-on, technical role that requires working and communicating effectively with both internal team members and external clients.
ROLES & RESPONSIBILITIES - Partners with the Engagement Lead (EL) to manage the overall technical tasks during an engagement
- Assists the Client with the completion of immediate actions
- Assists the Client with SentinelOne (S1) agent installation and troubleshooting
- Ensures data preservation steps are taken and assists with forensic collections
- Manages Infrastructure Recovery/Restoration and Decryption/Remediation efforts
- Reviews backup solutions and assists with the validation of backups
- Consults on the resolution of all technical issues such as EDR deployment, troubleshooting, forensics collections, and onsite restoration
- Ensures the Strategic Plan contains comprehensive technical details and identifies additional technical resources based on Strategic Plan task list and milestones set by the EL
- Serves as an internal expert on the entire engagement lifecycle and portfolio of services at a technical level
- Serves as an escalation point for Technical Advisor, Engineer, and Technician positions for both technical and non-technical issues
- Ensures all activities, findings, and hourly time are properly documented
- Backfills the EL as needed on kickoff calls and daily update calls, etc. and may also fill in for other team members such as SOC or Forensics, depending on their experience and skillset
- Interfaces with the client's technical team members, outside technical teams, the EL, the Project Manager and other Arete Teams to ensure the overall technical success of the engagement
- Clearly articulates technical recommendations for enhancing client cybersecurity and/or IT infrastructure both verbally and in in writing (as directed by Counsel)
- May train or mentor other technical roles
- Identifies and escalates underperforming team members to help expedite Client recovery efforts and identify mentoring opportunities
- Prioritizes, actions upon, and delegates instructions and tasks provided by the EL
- May perform other duties as assigned by management
SKILLS AND KNOWLEDGE - General knowledge of the Incident Response lifecycle and the tools and processes leveraged over the entire engagement
- Ability to communicate technical subject matter to a non-technical audience
- Sufficient knowledge of all Arete core offerings, processes, and internal/proprietary tools
- Ability to lead projects with multiple stakeholders and resolve conflicts
- Strong influential leadership and interpersonal skills, professional presence and experience collaborating with peers on remote teams
- Strong communication and problem-solving skills
- Customer service focused with proven ability to manage multiple priorities
- Innovative and creative thinking skills
- Previous experience scripting for automation (PowerShell, Bash, Python).
- Familiarity with industry standard incident response and forensics threat hunting software and toolsets
- Working knowledge of networking to include DHCP, DNS, Subnetting, VLANs, and authentication., and the ability to troubleshoot and resolve issues
- General knowledge of data encryption technologies
- Ability to read and understand basic network diagrams
- Familiarity with small to large size network and systems environments
- Basic experience identifying persistence mechanisms and developing client specific remediation steps
- Experience with basic collections and troubleshooting basic collection methods (ie. powered on VM with space constraints)
- Experience setting up, configuring, and troubleshooting backup and restore operations
- Data recovery experience, basic understanding of data structures, file system formats, RAID configurations, and storage configurations
JOB REQUIREMENTS - A Bachelors/technical degree and 6 years of experience relevant experience working in IT operations and administrating IT systems, or equivalent experience.
- Technical Certifications, Cisco Networking, Security +, Microsoft Server/Azure, etc., preferred
- Advanced knowledge of multiple technologies: Multi-factor Authentication, Storage solutions, Hypervisors, Operating Systems, Networking, System Administration, Remote Monitoring and Management tools (RMMs), Log Aggregation and Collections, etc.
- Thorough knowledge in at many of the following areas: virtualization, Windows Server, Linux/Unix, LDAP/Active Directory, DNS, networking, firewalls, DMZ, scripting/PowerShell, cloud solutions (Azure, AWS, etc), Microsoft 365, information security, SaaS integrations, MDM, SIEM platforms, MFA, RMM.
- Ability to align tasks with the larger objective of the project engagement process.
- Previous experience rebuilding applications and custom Windows servers as well as domain controllers and verifying correct operations
- Ability to work onsite or during non-business hours, etc.
DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified.
WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS - No physical exertion required
- Travel within or outside of the state
- Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT Expected annual base salary range: $104,000 - 130,000 per year Bonus Eligible Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. Arete Advisors, LLC is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
FLSA OVERTIME CATEGORY Job is exempt from the overtime provisions of the Fair Labor Standards Act.
DECLARATION The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry. When you join Arete... You'll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we're about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters. Equal Employment Opportunity We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.