Engineer Restoration Services

Lead the deployment and troubleshooting of endpoint detection and response tools at client sites
Boca Raton, Florida, United States
Senior
yesterday
Arete Incident Response

A cybersecurity firm specializing in incident response, digital forensics, and ransomware negotiation for organizations facing cyber threats.

Restoration Services Engineer

The Restoration Services Engineer supports Arete's clients through initial Incident Response and Core Services, EDR Installation, Data Acquisition, Infrastructure Recovery/Restoration and Decryption/Remediation. You will also facilitate collaboration between the Onsite Team (OST), clients, and internal stakeholders.

Roles and Responsibilities

  • Establishes a professional rapport and communication channel between internal stakeholders and the Engagement Team
  • Supports the client when an engagement requires them to physically perform our Core Services remotely
  • Effectively communicates technical subject matter to a non-technical audience
  • Ensures EDR rollout is conducted in a prompt, methodical and thorough manner
  • Installs Arete's support tool in the client environment
  • Creates tools packages for client and engagement team troubleshooting
  • Performs typical collections (triage/host with FTK Imager and Arete Collector)
  • Troubleshoots EDR networking issues
  • Is the driving force in the development, documentation, and use of new tools, scripts, processes, or other logistical methodologies to enhance incident response investigative processes
  • Conducts host forensics, network forensics, log analysis, and malware triage in support of incident response investigations as required
  • Recognizes and codifies attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Develops comprehensive and accurate reports and presentations for both technical and executive audiences
  • Collects and documents client data supporting Post-IR opportunities and lessons learned
  • Works with security and IT operations to implement remediation plans in response to incidents
  • Demonstrates alignment to the Arete Excellence Model
  • May perform other duties as assigned by management

Skills and Knowledge

  • General knowledge of Incident Response lifecycle
  • Experience with installing, configuring, and troubleshooting network and system hardware
  • General knowledge of networking to include DHCP, DNS, Subnetting, VLANs, and authentication, and the ability to troubleshoot and resolve issues
  • Advanced experience with desktop operating systems, especially Microsoft Windows 10 and 11; OSX and Linux, preferred
  • Experience with MS Windows Server 2012, 2016, 2019, and 2022, to include installation, setup and configuration
  • Experience with setting up and configuring a Windows Domain, as well as troubleshooting and resolving issues
  • Familiar with backup and restore operations
  • Demonstrated knowledge of data encryption technologies
  • Ability to read and understand network diagrams
  • Data recovery skills or experience, good understanding of data structures, file system formats, RAID configurations, and storage configurations
  • Experience with scripting for automation (PowerShell, Bash, Python, etc.)
  • Flexibility to work with many different Incident Response tool sets
  • Effective communication skills, professional demeanor, and customer-service focus
  • Understanding of current computer systems, security, and infrastructure
  • Priority management and problem-solving skills
  • Strong personal organization, time management skills, sense of teamwork and collaboration

Job Requirements

  • Bachelor's Degree and 4+ years of experience working in IT operations and administering IT systems, or Master's or Advanced Degree and 3+ years of related experience
  • Technical competencies in at least 5 of the following areas: Virtualization, Windows Server, Linux/Unix, LDAP/Active Directory, DNS, Networking, Firewalls, Scripting/PowerShell, Cloud Solutions (Azure, AWS, etc.), Microsoft 365, Information Security, SaaS integrations, MDM, SIEM Platforms
  • Proficient with three or more technologies: Multi-factor Authentication, Storage solutions, Hypervisors, Operating Systems, Networking, System Administration, Remote Monitoring and Management tools (RMMs), Log Aggregation and Collections, etc.
  • Technical Certifications such as Cisco Networking, Security+, Microsoft Server/Azure, etc., preferred
  • Self-motivated and able to work independently
  • Ability to travel domestically up to 50% and work onsite at client sites as required

Work Environment

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.

Physical Demands

  • No physical exertion required
  • Travel within or outside of state
  • Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects

Terms of Employment

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

FLSA Overtime Category

Job is exempt from the overtime provisions of the Fair Labor Standards Act.

Declaration

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
