Incident Response Lead - REMOTE

DFIR · Toronto, British Columbia
Department: DFIR
Employment Type: Full-Time
Minimum Experience: Experienced

 

Arete Incident Response is a leading cyber-incident response and security provider. Our mission is to help our clients reduce the burden of preparing for, detecting, and responding to cyber-incidents, while also deploying preventative measures before and post-incident. At Arete, you will have the opportunity to work alongside and learn from some of the top minds in the cyber industry. You will also know that you are contributing to the health and safety of organizations -- not only major corporations, but also critical services such as hospitals and local government.

 

Our culture is focused on personal growth, excellence in everything we do, and a commitment to giving back to our communities. We are an elite team of cyber superheroes that strives to make a positive impact on the world every day. We seek top talent to join our team and contribute together for our, and your, success.

 

Summary

The Incident Response (IR) Lead manages a team of experts with diverse skill sets including Security Operations Center (SOC), Forensics, and technical Subject Matter Expert (SME) advisory. The IR Lead is specifically tasked with managing all aspects of an Incident Response engagement, including incident validation, monitoring, containment, log analysis, system forensic analysis and reporting. The Incident Response Lead is also responsible for building the relationship with the client and client’s counsel and for ensuring that the engagement’s objectives and expectations are met and executed successfully as documented in the statement of work. You will leverage a solid foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute your responsibilities.

 

Roles & Responsibilities

  • Accurately collects information from the client concerning the incident, including but not limited to the client’s environment, size, technology, and security threats. In addition, the IR Lead is responsible for capturing all of the client’s expectations and objectives throughout the engagement to ensure a successful delivery.
  • Serves as the main point of contact, managing and participating in all communications with the client and client’s counsel during the engagement. The IR Lead sets the cadence for communications.
  • Manages and coordinates all technical efforts for the IR engagement to drive the process forward through tool deployment, ransomware decryption, restoration and recovery efforts, system rebuilds, and system, application, and network administration tasks.
  • Coordinates with the Ransom Specialist when ransom negotiations are needed. Ensures updates regarding ransom status are delivered to the client and counsel in a timely fashion.
  • Manages and coordinates the onsite efforts with the Onsite Lead or team, ensuring they understand and can execute the objectives for the onsite work. Additional responsibilities with onsite efforts include ensuring communications are frequent, obtaining the daily onsite update, and communicating it back to the IR Director and/or IR Ops Associate for their Tiger Team.
  • Ensures the Forensic Lead is coordinating the collection of data necessary for the investigation.
  • Ensures SentinelOne is deployed in a timely manner and adding value. 
  • Communicates with sales when appropriate for SentinelOne and provides client contact.
  • Communicates pertinent findings to the client, in tandem with the Forensic Lead, during the investigation.
  • Follows up with the SOC Lead on SentinelOne alerts and encourages/coordinates client participation with the product. 
  • Accountable for final report review, ensuring the report is accurate, professional and meets the objective of client counsel.
  • Other duties as assigned. 
     

Skills and Experience Requirements

  • Bachelor's degree in Computer Science, Computer Engineering, Information Assurance, Forensic Sciences, or a related technical field; graduate degree preferred
  • 7+ years’ experience leading full-cycle incident response investigations and communicating with the client/counsel/carriers
  • Experience leading scoping calls
  • Strong background and practical hands-on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
  • Must be eligible to work in the US without sponsorship
  • Practical experience performing in a functional role including but not limited to one or more of the following disciplines: computer forensics, Incident Response, data analytics, Security Operations and Engineering, Digital Investigations
  • Possesses strong verbal and written communication skills 
  • Ability to speak French highly preferred

 

When you join Arete…

 

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

 

Equal Employment Opportunity


We’re proud to be an equal opportunity employer and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
