Senior DFIR Recovery Specialist

The Role:

We seek an experienced Incident Response Recovery Specialist to join the At-Bay Response & Recovery team. The Senior DFIR Recovery Specialist will support the Response & Recovery remediation team and report to our Incident Response Engineer.

Responsibilities:

• Accountable for overseeing, measuring, and driving efforts to systematically increase the maturity and effectiveness of cyber security incident response and recovery processes, setups, and controls for At-Bay’s Response and Recovery Team.
• Gains and helps maintain an end-to-end understanding of relevant client landscape (networks, endpoints, platforms, applications, dependencies, cloud services, on-premise setups, etc.).
• Engages with global and local operational Security & IT teams, collaborates closely with all relevant functions across the client base, and consults with external experts & stakeholders.
• Provides deep security expertise in the context of reviews of detection measures, post-mortem analysis of cyber incident responses, and IT recovery exercises; supports and helps coordinate major real cyber security events.
• Provides assurance & evidence for the formal security control objectives in this area and contributes accordingly to the overall needs of At-bay’s clients.
• Identifies gaps in detection, response, recovery controls, and details and drives security risk reduction activities.

In this role, we value:

• Great educational background, preferably in the fields of computer science or engineering for technical project managers.
• Proven working experience as a project administrator in the information technology sector.
• Solid technical background, with understanding or hands-on experience in Windows, Linux, and OSX
• Excellent client-facing and internal communication skills.
• Excellent written and verbal communication skills.
• Solid organizational skills, including attention to detail and multi-tasking skills.

Required Skills:

• Play a key role in post-breach firewall reconfiguration, including rule audits, segmentation updates, and blocklist implementations to harden perimeter defenses.
• Collaborate with threat intel and SOC teams to develop and deploy IOCs and custom firewall rulesets (e.g., Palo Alto, Fortinet, Cisco ASA) during active incident response.
• Create and execute firewall recovery workflows to ensure secure rollback and containment during ransomware and APT-level incidents.
• Install/Replace, configure, and optimize network hubs, routers, and switches (e.g., higher-level protocols, tunneling).
• Develop and implement network backup and recovery procedures.
• Diagnose network connectivity problems.
• Implement new system design procedures, test procedures, and quality standards.
• Install and maintain network infrastructure device operating system software (e.g., windows OS, virtual machines).
• Integrate new systems into existing network architecture.
• Monitor network capacity and performance.
• Skill in writing code in a currently supported programming language (e.g., Java, Python, PowerShell).
• Patch network vulnerabilities to ensure that information is safeguarded against outside parties.
• Provide feedback on network requirements, including network architecture and infrastructure.
• Test and maintain network infrastructure, including software and hardware devices.
• An understanding of forensic data collection tools and procedures is a plus.

Work location:

•  USA, Remote ( EST )
•  Travel 50–75% to client locations primarily along the East Coast; flexibility to travel nationwide as needed.

Our estimated base pay range for this role is $115,000 - $130,000 per year. Base salary is determined by a variety of factors including but not limited to market data, location, internal equitability, domain knowledge, experiences and skills. In general, if the position sparks your interest we encourage you to apply - our team prioritizes talent.