Associate Engagement Lead, Incident Response

Roles & Responsibilities

• Responds to Client, Counsel, Carrier (CCC) in accordance with Key Performance Indicators (KPIs) and urgency of requests
• Engagement Management (External): With oversight and assistance,
• Leads the technical conversation and drives the direction and strategy of the engagement
• Educates the Client on how to make informed decisions
• Maintains accountability for accurate and timely password changes within 24 hours
• Builds the strategy for success and delivers it
• Assists clients with developing and executing their recovery plans
• Establishes priorities for the Client’s IT and Arete’s engagement personnel
• Is the subject matter expert on various technologies, infrastructure, and engagement-specific items
• Tracks progress to completion
• Engagement Management (Internal): With oversight and assistance,
• Communicates clearly and manages priorities by role ensuring each team member understands their tasks, values, and time to deliver
• Ensures project workstreams are being delivered on-time
• Monitors budget and team hours against allocated hours within the statement of work (SOW)
• Ensures daily time entry is complete within Project management tool for the team
• Ensures project workstreams are being delivered on-time
• Ensures project budget is correct -identifies potential overages and requests amendments when workstream budgets reach 75%, if necessary
• Ensures the engagement team is utilized to a blended 70%
• Identifies opportunities for add-on services to continue assisting Clients with Arete resources
• Ensures teams execute tasks successfully and validates work product quality
• Provides routine updates to CCC regarding overall engagement and action items
• Delivers to the Client on-time based on agreed upon service level agreement (SLA) and/or as needed
• May perform other duties as assigned by management
• Leads the technical conversation and drives the direction and strategy of the engagement
• Educates the Client on how to make informed decisions
• Maintains accountability for accurate and timely password changes within 24 hours
• Builds the strategy for success and delivers it
• Assists clients with developing and executing their recovery plans
• Establishes priorities for the Client’s IT and Arete’s engagement personnel
• Tracks progress to completion
• Is the subject matter expert on various technologies, infrastructure, and engagement-specific items
• Is the subject matter expert on various technologies, infrastructure, and engagement-specific items
• Communicates clearly and manages priorities by role ensuring each team member understands their tasks, values, and time to deliver
• Ensures project workstreams are being delivered on-time
• Monitors budget and team hours against allocated hours within the statement of work (SOW)
• Ensures teams execute tasks successfully and validates work product quality
• Provides routine updates to CCC regarding overall engagement and action items
• Ensures daily time entry is complete within Project management tool for the team
• Ensures project workstreams are being delivered on-time
• Ensures project budget is correct -identifies potential overages and requests amendments when workstream budgets reach 75%, if necessary
• Ensures the engagement team is utilized to a blended 70%
• Identifies opportunities for add-on services to continue assisting Clients with Arete resources
• Delivers to the Client on-time based on agreed upon service level agreement (SLA) and/or as needed
• Ensures daily time entry is complete within Project management tool for the team
• Ensures project workstreams are being delivered on-time
• Ensures project budget is correct -identifies potential overages and requests amendments when workstream budgets reach 75%, if necessary
• Ensures the engagement team is utilized to a blended 70%
• Identifies opportunities for add-on services to continue assisting Clients with Arete resources
• Delivers to the Client on-time based on agreed upon service level agreement (SLA) and/or as needed

Skills And Knowledge

• Excellent time management and organizational skills
• Ability to read the room and adjust conversational style accordingly
• Ability to navigate difficult conversations with ease
• Ability to manage client expectations
• Ability to lead team members globally with guidance and take ownership over their wins and losses
• Ability to oversee projects with security implementations
• General background or knowledge of network enterprise systems administration
• General knowledge and understanding of operating systems and hardware architectures: Linux/Unix, Mainframe, Windows, Cloud, etc.
• General knowledge and experience with core set of standard Industry technology and platforms and familiarity with cybersecurity tools. Hands-on not required but a plus
• Endpoint Detection and Response (EDR) solutions
• E-mail platforms: Microsoft Office (M365), On-premises Exchange, Google Workspace
• Anti-virus (AV) vendors
• Identity Access Management (IAM)/Zero Trust systems
• Disaster Recover Plans
• Firewall and Virtual Private Network (VPN) platforms
• Remote access tools
• Knowledge of Small-to medium-sized architecture
• Network segmentation
• Cloud Provider Platforms:
• Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
• On-premises technologies, Physical and Virtual
• Servers, Firewalls, routers, storage, Security Information Event Management (SIEM), Multi-factor authentication
• General knowledge of containment, preservation, and acquisition of data within compromised IT environments
• General knowledge of email servers: on-premises, cloud hosted, and third-party hosted
• Demonstrates deep understanding of configurations
• Understands how email servers connect to or authenticate with Active Directory (AD)
• Understands how to collect relevant logs from popular email services (Exchange, Exchange Online, Google Workspace, and M365)
• Familiarity with or knowledge of how to familiarize oneself with additional platforms as required
• Effortlessly directs IT personnel to perform collection of required log information
• Secures email platforms and directs IT administrators on proper configuration techniques
• Endpoint Detection and Response (EDR) solutions
• E-mail platforms: Microsoft Office (M365), On-premises Exchange, Google Workspace
• Anti-virus (AV) vendors
• Identity Access Management (IAM)/Zero Trust systems
• Disaster Recover Plans
• Firewall and Virtual Private Network (VPN) platforms
• Remote access tools
• Network segmentation
• Cloud Provider Platforms:
• On-premises technologies, Physical and Virtual
• Servers, Firewalls, routers, storage, Security Information Event Management (SIEM), Multi-factor authentication
• Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
• Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
• Demonstrates deep understanding of configurations
• Understands how email servers connect to or authenticate with Active Directory (AD)
• Understands how to collect relevant logs from popular email services (Exchange, Exchange Online, Google Workspace, and M365)
• Effortlessly directs IT personnel to perform collection of required log information
• Secures email platforms and directs IT administrators on proper configuration techniques
• Familiarity with or knowledge of how to familiarize oneself with additional platforms as required
• Familiarity with or knowledge of how to familiarize oneself with additional platforms as required

Job Requirements

• Minimum of 5 years conducting digital investigations or managing full-cycle incident response investigations for a major consulting firm or global IR company
• Bachelor's degree in a computer science related discipline and 6+ years related experience or Master's or Advanced Degree and 5+ years related experience
• Industry certifications: GCFA, GCFE, GCIH, GISP, CISSP, Security+, MCSC, Network+, or equivalent, preferred

Disclaimer

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified. 

Work Environment

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

Physical Demands

• No physical exertion required
• Travel within or outside of the state
• Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects

Terms Of Employment

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

Flsa Overtime Category

Job is exempt from the overtime provisions of the Fair Labor Standards Act.

Declaration

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

Equal Employment Opportunity

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. 

Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.

 

 

When you join Arete…

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.

Equal Employment Opportunity

We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.