
Principal Consultant/Engagement Lead

Remote


Job Id:
149639

Job Category:

Job Location:
Remote

Security Clearance:
No Clearance

Business Unit:
Piper Companies

Division:
Piper Enterprise Solutions

Position Owner:
Ryan Lucas

Piper Companies is seeking a Principal Consultant/Engagement Lead to lead Business Email Compromise and Ransomware engagements. The lead will work with both small and large organizations of varying levels of technical maturity, handle client cyber incidents, spearhead communication and scoping, and use technical skills to analyze intrusions and detect incidents. You must be capable of working in a high-stress IR situation and effectively navigating the IR lifecycle. You will be responsible for leading the technical analysis of an IR investigation, communicating effectively, and providing off-hours support as needed. External client-facing investigation experience is required to be considered.


Responsibilities of the Principal Consultant/Engagement Lead:

  • Assist with the scoping of new engagements using a whole lifecycle approach, guiding the client from initial discovery through mitigation and remediation
  • Conduct forensic host, network, and application technical investigations
  • Lead tabletop exercises, incident response training, incident response plan organizational maturity reviews, and leaked data exposure assessments
  • Triage active high-stakes security events, including reviewing and applying security controls to detect, respond to, prevent and remediate threats
  • Develop comprehensive and accurate reports of forensic findings and IR activities for both technical and executive audiences
  • Effectively communicate investigative findings and strategy to various client stakeholders
  • Provide clients with immediate actionable 0-day cybersecurity advice to stop and mitigate the damage of ongoing attacks

Qualifications of the Principal Consultant/Engagement Lead:

  • Minimum 5-8 years of information security experience
  • Minimum 3 years of professional consulting experience in a client-facing capacity
  • Windows disk and memory forensics, Network Security Monitoring (NSM), network traffic analysis, and log analysis, Unix or Linux disk and memory forensics
  • Static and dynamic malware analysis
  • Applied knowledge in at least one scripting or development language (such as Python)
  • Thorough understanding of enterprise security controls in Active Directory / Windows environments
  • Cloud services such as Azure, AWS and GCP
  • Binalyze, Microsoft Defender, Microsoft Sentinel
  • Log analysis: tools such as Elastic and Splunk, query syntax such as KQL and regular expressions (GREP), and analysis of various log types such as network, firewall, Windows event, SIEM and VPN logs
  • EDR solutions: Defender (primary), plus familiarity with other mainstream EDR tools such as SentinelOne, CrowdStrike, Cortex XDR, Sophos, Cylance and Trend Micro

Comprehensive Benefits:

  • Medical, Dental, Vision, 401K, PTO
  • $150,000 - $17000 (12% annual bonus)

Keywords: #LI-RL1 #LI-REMOTE

Principal Consultant, Engagement Lead, Incident Response, Business Email Compromise, Ransomware, Cybersecurity, Digital Forensics, Threat Detection, IR Lifecycle, Client Communication, Forensic Investigation, Host Analysis, Network Analysis, Application Analysis, Tabletop Exercises, Incident Response Training, Leaked Data Exposure, Security Controls, Mitigation, Remediation, Executive Reporting, Technical Reporting, 0-day Cybersecurity Advice, Binalyze, Microsoft Defender, Microsoft Sentinel, Elastic, Splunk, KQL, GREP, Log Analysis, Windows Event Logs, SIEM, VPN Logs, X-Ways, AXIOM, Volatility, Velociraptor, Chainsaw, Hayabusa, Registry Analysis, Browser History, MFT, File Access, User Activity, Python, PowerShell, SQL, Bash, Adversary Tactics, EDR Solutions, Sentinel One, CrowdStrike, Cortex XDR, Sophos, Cylance, Trend Micro, Ransomware Negotiation, External Client-Facing, High-Stress Environments, Off-Hours Support
