Associate Incident Response Engineer
Ready to further your career in the fast-paced, exciting world of cyber security?
Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry—cybersecurity. We have won countless awards for our excellence in security operations and remain dedicated to providing an industry-leading customer and employee experience.
Our mission is simple: End Cyber Risk. We’re looking for an Associate Incident Response Engineer to be part of making this happen.
About the Role
Our incident response team focuses on responding to major cyber incidents, such as, advanced persistent threats, ransomware incidents, advanced malware, and financial fraud. Our team works with our Client’s IT teams to contain the incident, remediate the threat, investigation all of the attacker actions, and recover the client back to normal operations. Our incident response team focuses on digital forensics, restoration and remediation, attacker negotiations, and dark web monitoring. The associate incident response engineer gets involved with all of those aspects of the incidents.
The Associate Incident Response Engineer role is for experienced IT and cyber security professionals that are looking to get into digital forensics and more focused on cyber security. This role is heavily involved in restoration and remediation and digital forensics. The role often times is the lead person performing a forensics investigation with support from team leads and other senior members of the team.
This role is client facing, and both technical skills and soft skills are incredibly important. Our incident response team works with clients who are in crisis, and our elite technical and soft skills make a terrible situation as good as it can possibly be.
Responsibilities for this role include:
- Perform digital forensic functions including but not limited to host-based analysis through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
- Process collected data and conduct defensible data acquisitions through in-depth analysis.
- Preserve and analyze data from electronic data sources and systems including laptop and desktop computers, servers, mobile devices, and cloud services (Azure, AWS, etc.).
- Examine firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
- Be able to determine the root cause, find persistence mechanisms, and find all actions of the threat actor in most incidents.
- Participate in incident response engagements to guide clients and/or junior team members through forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations.
- Record detailed data for each incident that can be used in threat research and marketing initiatives
Restoration and Remediation
- Preserve reserve evidence from complex systems and networks
- Rebuild servers and workstations.
- Restore servers from nearly any backup system
- Assist with decryption of data when needed.
- Recreate hypervisor environments and manage virtual servers
Client and Partner Management
- Provide support on incident response engagements in collaboration with the Team lead and Engagement Manager leading the engagements to guide client’s containment, remediation, restoration, and forensic investigations.
- Provide long term security recommendations that are well thought out and specific to the incident that the client experienced.
- Produce high-quality written and verbal reports, presentations, recommendations, and findings to key stakeholders including customer management, regulators, and legal counsel.
- Be able to lead an engagement solo from start to finish when needed.
- Be able to bring calm to escalated situations.
- Participate in weekday escalation on call schedule.
- Participate in weekend rotation schedule.
- Participate in holiday rotation schedule.
- Contribute towards R&D projects, such as, tools, techniques, threat research projects.
- Contribute to marketing initiatives.
Skills and Experience we are Looking For:
There are many backgrounds that make you a great candidate for this role, so don’t be afraid to apply and provide a cover letter explaining why you are a good fit. If you have strong IT instinct and background, with some cyber security knowledge, you may just be the perfect fit.
Skills and Experience desired:
- Windows IT admin experience with Azure, Windows AD, Exchange, etc.
- Managed Service Provide (MSP) experience solving problems and managing customers.
- Investigative mindset with the ability and desire to untangle complex situations
- Digital forensics Investigation experience is a plus, but not a requirement for the associate level
About Arctic Wolf
At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)—and the 2nd Most Innovative Security Company. This is in addition to consecutive awards from Top Workplace USA (2021, 2022), Best Places to Work - USA (2021, 2022) and Great Place to Work - Canada (2021, 2022).
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.
We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.
We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.
All wolves receive compelling compensation and benefits packages, including:
- Equity for all employees
- Bonus or commission pay based on role
- Flexible time off, paid volunteer days and paid parental leave
- 401k match
- Medical, Dental, and Vision insurance
- Health Savings and Flexible Spending Agreement
- Voluntary Legal Insurance
- Training and career development programs
- Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
- Background checks are required for this position.
Come join the Pack during this exciting time of rapid growth where every employee makes a difference and their contributions are recognized and rewarded.