Consultant, Restoration and Remediation (Remote)

About Surefire Cyber

Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats. Our client-centric approach reduces stress and provides clients the confidence needed to prepare, respond, and recover from cyber incidents – and fortify their cyber resilience after an event.

Surefire Cyber’s approach and delivery are designed by industry veterans who have worked shoulder-to­shoulder with law firms, insurance carriers, brokers, law enforcement, and impacted organizations in responding to cyber incidents. We are marshaling this experience to address the industry’s persistent challenges of efficiency, predictability, and transparency

Job Title: Consultant, Restoration and Remediation

Location: Remote (USA) 

Role: Full time / Exempt

Compensation: $60k-$90k 

What Makes You Stand Out

You are a systems-savvy problem solver who thrives in fast-paced environments and brings hands-on experience restoring compromised systems and implementing remediation strategies. You’ve worked in roles like IT Engineer, System Administrator, or Cybersecurity Consultant, and now want to apply those skills in a high-stakes, incident response setting.

You’re comfortable collaborating with Digital Forensics and Incident Response (DFIR) teams, diagnosing problems quickly, and supporting clients with empathy and clear communication during urgent cyber events.

How You'll Make an Impact 

As a Consultant on the Restoration and Remediation (R&R) team, you’ll contribute technical expertise during active incidents — helping clients recover from ransomware, malware infections, and breaches. You’ll execute remediation tasks, restore systems, and collaborate with forensic analysts to support response efforts. Through meticulous remediation efforts and application of technical expertise, they’ll help clients regain operational stability and strengthen their defenses against future threats

Your Role in Action 

• Support post-incident recovery efforts, collaborating with DFIR teams to assess the scope and impact of cyber incidents
• Participate in restoring compromised systems to a pre-incident state, including data recovery, system configuration, and hardening
• Assist in developing and executing tailored remediation plans based on technical, operational, and regulatory requirements
• Reimage, rebuild, and reconfigure endpoints, servers, and affected services such as Active Directory, Exchange, Group Policy, and VPN
• Use systems administration skills to restore and configure computing environments
• Troubleshoot network issues and assist in resolving infrastructure-level connectivity or access problems
• Contribute to the collection of digital artifacts and forensic evidence, supporting broader incident response
• Apply foundational knowledge to investigate and address malware infections, unauthorized access, and system integrity issues
• Implement endpoint protection and access control tools under supervision from senior R&R team members
• Document all actions taken in a clear, structured format, capturing technical findings, decisions made, and lessons learned
• Participate in after-hours (on-call/weekend rotational) support when needed to ensure 24/7 incident response coverage

Your Expertise

• Bachelor's degree in IT, Cybersecurity, Computer Science, or equivalent experience in technical support or IT administration roles
• Foundational knowledge of Windows, Linux, and MacOS environments and their security features
• Experience with firewalls, VPNs, Active Directory, Group Policy, Exchange, and common endpoint security tools
• Understanding of cyber incident impact, attacker techniques, and indicators of compromise (IOCs)
• Strong technical troubleshooting skills and a proactive, team-first attitude
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders
• Ability to manage competing tasks, adapt quickly to changing scenarios, and contribute in high-pressure situations

Expertise in all these areas is not required, but you should be excited by the opportunity to learn new things and comfortable with working with other team members to expand your knowledge base and experience. We at Surefire Cyber invite you to apply even if you do not feel you have mastery in all the requirements listed on the job description and welcome a further discussion.   

Interview Process 

• Submit application on our website    
• Preliminary phone interview with the People Team (approx., 30 mins) 
• Virtual/Teams Interview with Restoration Team Members 
• Virtual/Teams interview with hiring leader/Director of R&R (approx., 45 minutes) 
• Take Home Mock Scenario (approx., 45 minutes)
• Virtual/Teams interview with the Chief Deliver Officer
• Virtual/Team interview with our CEO 

#LIRemote

Benefits of Joining Surefire Cyber

• Competitive compensation plan and total rewards package for team members
• Remote workforce
• Generous paid time off plan and floating holidays
• Paid parental leave
• Employer paid premiums for both team members and their dependents for medical, dental, and vision
• Comprehensive health, vision, dental, 401K matching program, disability, Flexible Spending Accounts (FSA), Health Savings Account (HSA), Life and AD&D benefits.
• Professional development and career advancement opportunities
• We prioritize employee growth and development through a robust performance management platform to provide ongoing coaching, clear feedback, recognition, and opportunities for career growth.

Surefire Cyber is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex, or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, genetic information, or any other characteristic protected by applicable federal, state or local laws and ordinances.