REMOTE
About the Role
At Pondurance, we help organizations detect, respond to, and recover from cyber threats with confidence. Our Digital Forensics & Incident Response (DFIR) team partners with clients during some of their most critical moments, guiding them through investigation, containment, remediation, and recovery.
We are seeking a senior-level incident response professional with a strong systems or network administration background who can support both forensics and remediation efforts.
As a Senior Incident Response Consultant, you will lead the forensic investigation while also supporting clients through rebuild and recovery efforts. The team is specifically looking for someone with experience in systems or network administration who can serve as a subject matter expert during forensic and remediation efforts, working closely alongside client IT teams during the process.
Responsibilities
- Conduct forensic host, network, and application technical investigations
- Triage active high-stakes security events, including reviewing and applying security controls to detect, respond, prevent, and remediate threats
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
- Develop custom scripts, tools, or methodologies to enhance our IR processes
- Prepare comprehensive and accurate reports of forensic findings and IR activities for both technical and executive audiences
- Communicate investigative findings and strategy to various client stakeholders
- Provide immediate, actionable guidance to contain and mitigate ongoing attacks
- Assist in scoping new engagements and guide clients through the full incident response lifecycle
- Work directly with client IT teams to support rebuild, reconfiguration, and remediation efforts
- Remotely guide clients through EDR deployments, system configuration changes, and technical recovery steps
- Support the full incident response lifecycle from discovery through reporting
- Participate in an on-call rotation to provide after-hours and weekend incident response support as needed
Technologies
- Windows operating systems and networking protocols
- Active Directory administration and recovery
- Virtualization technologies such as HyperV and VMware ESXi
- Disk and memory forensics
- Network traffic analysis
- Experience with EDR platforms such as CrowdStrike, SentinelOne, or Huntress
- Experience with forensic toolsets such as FTK, AXIOM, KAPE, or similar
- Scripting experience using PowerShell, Python, or similar
Knowledge and Skills
- Significant experience in a forensic and incident response role
- Strong background in systems or network administration
- Hands-on experience with Active Directory administration and troubleshooting
- Experience responding to ransomware or complex security incidents
- Ability to work directly with clients in high-pressure situations
- Demonstrated ability to analyze incidents and recommend effective remediation and countermeasures
- Experience in a technical consulting or client-facing role
- Preferred certifications include GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), MCFE, EnCE or equivalent credentials
If you have other combinations of relevant skills and experience that you expect make you the right candidate for this role, please let us know!
Who we are
At Pondurance, we embrace, educate, and protect people by helping make our world a better and safer place. We believe in inviting good people into our company who are driven to become great!
Every person at Pondurance is encouraged to focus and grow in their individual areas of interest, passion, and career path. We have accessible leaders as Mentors who believe “None of us are as smart as all of us” (R. Pelletier).
We believe everyone has the freedom to be themselves, especially at work, and so we embrace, support, and celebrate each other. Each one of us influences our company’s direction through speaking up; you have a voice, and we want you to use it.
Do you want to be a part of something different? Do you want to influence real change? Do you want to be part of the solution? Then join us in redefining the security and cyber risk landscape.
What We Offer
The opportunity to apply your expertise, take on new challenges, and help customers address their biggest security objectives.
An inclusive culture of teamwork that embraces the diversity of our people and communities in which we work.
Some of the corporate benefits (there are more) for full-time employees include:
- Medical, dental, vision, disability, FSA, HSA, life, and AD&D insurance, 401(k) Plan.
- Time off: PTO, sick, holiday, & parental leave details are available
- Money: We provide competitive compensation packages based on the market and your overall credentials.
Although this is a remote role, if you live close by, you’ll have access to our office in McLean, VA.
To promote a healthy and safe work community, we require background and drug screenings as part of our hiring process. Details of our process will be provided upon request.
We are an equal opportunity employer focused on celebrating diversity and inclusion. We believe that each individual should be treated equally without regard to race, color, identity, national origin, protected veteran status, religion, sex, including sexual orientation and gender identity, disability, or any other characteristic protected by law.
Skills Required
- Significant experience in forensic and incident response roles
- Strong background in systems or network administration
- Hands-on Active Directory administration and recovery/troubleshooting
- Experience responding to ransomware or complex security incidents
- Hands-on experience with Windows operating systems and networking protocols
- Experience with virtualization technologies (HyperV, VMware ESXi)
- Disk and memory forensics expertise
- Network traffic analysis experience
- Experience with EDR platforms such as CrowdStrike, SentinelOne, or Huntress
- Experience with forensic toolsets such as FTK, AXIOM, KAPE, or similar
- Scripting experience using PowerShell, Python, or similar
- Experience in a technical consulting or client-facing role
- Ability to prepare comprehensive forensic reports and communicate to technical and executive stakeholders
- Ability to work directly with clients in high-pressure situations and guide remediation/rebuild efforts
- Participation in on-call rotation for after-hours and weekend incident response
- Preferred certifications (GCIH, GCFA, GREM, MCFE, EnCE or equivalent)
What We Do
Pondurance delivers world-class Managed Detection & Response (MDR), Incident Response (IR), Vulnerability Management, and Advisory Services to industries facing today’s most pressing and dynamic cybersecurity challenges. Our U.S. based Security Operations Center (SOC) offers personal, proactive, and around-the-clock cybersecurity to protect the human experience. We take a risk-based approach to cybersecurity; so you know you are protecting your most valuable assets and reducing your cyber risk. Our mission is to ensure that every organization is able to detect and respond to cyber threats – regardless of size, industry or current in-house capabilities. We believe AI and automation alone aren’t enough, you need ingenious human experience because attackers aren’t machines, they are people. We combine our advanced platform with decades of human intelligence to speed detection and response and contain cybersecurity threats quickly to ultimately decrease risk to your mission.
Why Work With Us
At Pondurance we embrace, educate, and protect people by helping make our world a better and safer place. We believe in inviting good people into our company who are driven to become great! Every person at Pondurance is encouraged to focus and grow in their individual areas of interest, passion, and career path.
Gallery







