Consultant, Restoration and Remediation (Remote)

Bachelor's degree in IT, Cybersecurity, Computer Science, or equivalent experience in technical support or IT administration roles Foundational knowledge of Windows, Linux, and MacOS environments and their security features Experience with firewalls, VPNs, Active Directory, Group Policy, Exchange, and common endpoint security tools Understanding of cyber incident impact, attacker techniques, and indicators of compromise (IOCs) Strong technical troubleshooting skills and a proactive, team-first attitude Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders Ability to manage competing tasks, adapt quickly to changing scenarios, and contribute in high-pressure situations

Support post-incident recovery efforts, collaborating with DFIR teams to assess the scope and impact of cyber incidents Participate in restoring compromised systems to a pre-incident state, including data recovery, system configuration, and hardening Assist in developing and executing tailored remediation plans based on technical, operational, and regulatory requirements Reimage, rebuild, and reconfigure endpoints, servers, and affected services such as Active Directory, Exchange, Group Policy, and VPN Use systems administration skills to restore and configure computing environments Troubleshoot network issues and assist in resolving infrastructure-level connectivity or access problems Contribute to the collection of digital artifacts and forensic evidence, supporting broader incident response Apply foundational knowledge to investigate and address malware infections, unauthorized access, and system integrity issues Implement endpoint protection and access control tools under supervision from senior R&R team members Document all actions taken in a clear, structured format, capturing technical findings, decisions made, and lessons learned Participate in after-hours (on-call/weekend rotational) support when needed to ensure 24/7 incident response coverage