Principal DFIR Consultant, Incident Response

Full Time
10 months ago

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting, making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint.

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace," by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.” SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Team:

If you are an experienced cybersecurity incident responder who is excited by solving our Customer’s complex challenges and improving their cybersecurity resilience through innovative solutions - this role might be for you! At SecurityScorecard, our Professional Services team puts our Customers first and operates as a #oneScorecard Team. We seek to drive excellence, both in ourselves and others, and we fully leverage the SecurityScorecard platform in what we do.

About the Role:

SecurityScorecard’s Principal DFIR Consultant, Incident Response is a client-facing role and requires the ability to lead, investigate and produce high-quality deliverables to our Customers and/or external stakeholders (Insurance or Legal Counsel). You will work directly with external parties to quickly and efficiently resolve cyber incidents through effective management and technical solutions. Additionally, you will review or provide guidance on containment, remediation and recovery, helping our Customers react to cyber events.

The Principal DFIR Consultant, Incident Response will be a key member within our broader Professional Services Team. You will develop relationships with insurance brokers, legal firms and Insurers and maintain a solutions-focused mindset to create positive business outcomes for SecurityScorecard and our Customers. As a Principal Consultant, you will rely on your ever-increasing technical knowledge and expertise, while assisting in the process execution during highly stressful Customer engagements. Additionally, you may work across internal functions within SecurityScorecard, including Sales, Product Marketing and Insurance to achieve success.

What You’ll Do:

  • Perform reactive incident response functions including identification, containment and remediation expertise
  • Examine firewall, web, database, and other log sources to identify evidence of malicious activity
  • Investigate data breaches leveraging forensics tools including Encase, FTK, Splunk, and other investigation tools to determine source of compromises and malicious activity 
  • Manage incident response engagements including scoping meetings and providing statements of work, guide clients through forensic investigations and provide guidance on longer term remediation recommendations
  • Document investigative procedures and internal standards for repeatable and efficient investigations
  • Lead the creation of incident response reports including breach summary and technical details of evidence observed.
  • Ability to perform travel requirements as needed to meet business demands (on average <10%)
  • Mentorship of team members in incident response and forensics best practices
  • Contribute to the advisory team by consulting on information security topics, conducting training, and documenting recommendations and providing deliverables to raise overall awareness on good cyber hygiene.

Required Qualifications:

  • At least 5+ years of professional incident response or digital forensics consulting experience 
  • Strong leadership skills including experience managing a team or individuals
  • Experience with leading complicated engagements including scoping, interfacing with Customers, Counsel and Insurance brokers, and have executed on a technical level
  • Proficient with host-based forensics, network log forensic analysis, malware triage analysis, disk or memory forensics
  • Experienced with EnCase, FTK, X-Ways, Splunk, Redline, WireShark, and other open source forensic tools
  • Incident response consulting experience required
  • An external presence via public speaking, conferences, and/or publications
  • Able to have a meaningful and rapid delivery contribution
  • Collaborative and able to build relationships internally, externally, and across all SSC functions, including the sales team
  • Excellent written and verbal communication skills.
  • Ability to lead an informed discussion and bring clients to understand information security risks and needs.
  • Strong influencing skills that promote productivity and inspire business transformation. 
  • Bachelor's Degree in Information Security, Computer Science, Digital Forensics, Cyber Security or related field or equivalent military experience required

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated salary range for this position is $175,000 - $225,000. Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits. 

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy), gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law.

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. 

SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position.