Incident Response Recovery Engineer

The IRRE is a member of the DFIR team that can handle most aspects of the restoration and recovery process independently but may need assistance from more senior members of the team. This role will also be responsible for fulfilling all technical tasks associated with Business Email Compromise incidents.

Technical Competencies

• Assist with rebuilding Active Directory domains/networks after an attack via restoration from available backups, use of a decryption utility, etc.

• Troubleshoot common domain technologies such as DHCP and DNS

• Configure hypervisors, backup, firewalls, and other network technologies.

• Collect applicable evidence from on-premise and cloud-based environments to include Windows hosts, Linux hosts, and various network telemetry sources.

• Conduct all aspects of a Business Email Compromise ( BEC ) investigation to include scoping, data collection and analysis, and reporting.

• Recover data from impacted systems using various data recovery techniques/technologies

Communication and Client Management

• Communicate with client technical staff throughout the entire restoration process

• Communicate both executive and detailed level findings in verbal and written form with the assistance of senior team members if necessary