Posted on October 17, 2025

Incident Response Manager

Remote | Full-Time | Mid-Senior

About the job

*This role is to be on standby, in the case of incident response*

One of Millenilink’s clients is hiring a Manager of Incident Response into the cyber defense practice. This is specifically for incident response and not readiness. The responsibilities of this role include:

  1. Lead and oversee complex, high-profile cyber incident response and investigation engagements, guiding clients through preparation, response, and recovery phases.

  2. Act as a subject matter expert on ransomware investigations, and be prepared to personally lead or participate in hands-on investigative work as required, especially during critical or high-impact incidents.

  3. Manage multiple concurrent projects across a diverse client base, spanning various industries, technologies, and geographies.

  4. Serve as the primary point of contact for clients during incident response engagements, building trusted advisor relationships and ensuring high-quality service delivery.

  5. Oversee and direct technical investigations, ensuring thorough analysis of large-scale cyber incidents and data breaches.

  6. Design and facilitate technical and executive workshops on incident response, network security, vulnerability management, and related topics.

  7. Provide strategic guidance to clients on incident containment, remediation, and recovery, leveraging industry best practices such as NIST and SANS frameworks.

  8. Manage and support the execution of tabletop simulation exercises for technical and executive teams.

  9. Oversee the preparation of high-quality deliverables, including incident investigation reports and executive briefings.

Experience:

  1. At least 5 years of experience in digital forensics and incident response, or a closely related field, with at least 2 years in a leadership or managerial role.

  2. Significant hands-on experience conducting ransomware investigations, including evidence collection, analysis, containment, eradication, and recovery. You are comfortable stepping in to lead or support technical investigations directly when the situation demands.

  3. Previous consulting firm experience is a strong asset.

  4. Broad experience in cybersecurity and technology fields.

Technical Skills:

  1. Deep expertise in managing incident response engagements (e.g., ransomware, data breaches, business email compromise, network intrusions, cloud incidents).

  2. Demonstrated ability to investigate and respond to ransomware attacks, including familiarity with ransomware TTPs, negotiation processes, and decryption/recovery strategies.

  3. Proficiency with industry-standard digital forensic tools (e.g., Magnet AXIOM, EnCase, X-Ways, FTK, Velociraptor).

  4. Experience with EDR tools (e.g., CrowdStrike Falcon, Carbon Black EDR, Microsoft Defender for Endpoint).

  5. Familiarity with security monitoring solutions (e.g., Splunk, Microsoft Sentinel, Elastic/ELK).

  6. Understanding of SOC operations, operating systems, file systems, cloud platforms (Azure, AWS, GCP), and enterprise IT infrastructure.

  7. Relevant digital forensics and incident response certifications (e.g., SANS GIAC GCFA, GCFE, GCIH, GREM, EnCE, CCE) are a strong asset.