
Cybersecurity Lead Recovery and Remediation Specialist

Irongate Cybersecurity

McLean · On-site Full-time Lead 6d ago

About the role

We are seeking an experienced and proactive Lead Recovery and Remediation Specialist to oversee and execute recovery operations following cyber incidents. This leadership role is pivotal in coordinating technical response efforts, restoring systems, preserving forensic evidence, and ensuring secure recovery across diverse environments. The successful candidate will possess deep technical expertise, strong leadership capabilities, and excellent communication skills to interface with clients, internal teams, independent contractors, and subcontractors.

Key Responsibilities:
• Lead recovery and remediation efforts following cyber incidents such as ransomware attacks, data breaches, and system compromises.
• Coordinate engagement staffing, ensuring appropriate allocation of internal staff, independent contractors, and subcontractors for each incident response.
• Perform system administration tasks across Windows and Linux environments to restore services and harden systems post-incident.
• Configure, analyze, and remediate network devices, including firewalls, VPNs, and intrusion prevention systems.
• Collect, preserve, and document forensic evidence in accordance with legal and regulatory standards.
• Collaborate with DFIR team leads and other stakeholders to develop and execute comprehensive remediation plans.
• Provide clear, professional communication with clients, including updates, guidance, and post-incident reporting.
• Contribute to lessons learned, prevention strategies, and continuous improvement of incident response processes.
• Maintain detailed documentation of recovery and remediation activities and staffing coordination.

Required Skills & Qualifications:
• Proven experience in system administration (Windows and Linux).
• Strong understanding of network infrastructure, including firewalls, VPNs, and routing.
• Experience with forensic triage collection, forensic imaging, and evidence preservation techniques.
• Familiarity with incident response frameworks (e.g., NIST, SANS).
• Demonstrated ability to lead technical teams and coordinate cross-functional resources.
• Excellent verbal and written communication skills.
• Strong problem-solving and analytical thinking.
• Ability to work under pressure in high-stakes environments.

Preferred Qualifications:
• CompTIA Certifications (A+, Net+, CySA+, Security+, Linux+)
• Security Certifications (CISM, CISSP)
• Microsoft Certifications (Windows Server Hybrid Administrator Associate, Azure Security Engineer Associate)
• Experience with EDR/XDR platforms and SIEM tools.
• Knowledge of scripting languages (e.g., PowerShell, Bash, Python) for automation.
• Experience working with law enforcement or legal teams on cybercrime cases.

IronGate Cybersecurity is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment based on individual merit, skills, and performance, without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristics protected by law.

Company Description

IronGate Cybersecurity is at the forefront of defending companies from cyber threats. As a trusted leader in cybersecurity solutions, our Professional Services Team leverages cutting-edge technology and deep industry expertise to provide comprehensive security assessments, incident response, and digital forensic analysis. Join us in our mission to protect our clients from the ever-evolving landscape of cyber threats.
