Cyber Incident Handler – Principal (BHJOB22048_763)

Join to apply for the Cyber Incident Handler – Principal (BHJOB22048_763) role at ITmPowered Consulting.

**Cyber Security Incident Handler (Principal) – Remote – KAISJP00211866**

The Incident Handler uses incident response, investigative, and forensics skills to determine the extent of a breach, the containment measures required, and the overall response needed. This includes appropriate data collection, preservation, mitigation, remediation requirements, and security improvement plans. The Incident Handler will utilize forensic best practices and provide chain of custody service for criminal investigations (e.g., employee situations, fraud, etc.). The Incident Handler may work on different teams, depending upon the type of incident or pre-incident activity and the nature of the threat.

• Evaluates processes, services, drivers, libraries, binaries, scripts, memory, network traffic, file, email, and other artifacts for anomalies, security exploitation, and/or unauthorized access.
• Identifies attack vectors, social engineering attempts, exploits, malicious code, C2 activity, and persistence mechanisms.
• Identifies containment controls to halt attacks in progress against affected or exposed resources.
• Identifies mitigation controls to prevent attacks to vulnerable or exposed resources.
• Performs analysis to determine scope, risk, and impact of breach or exposure.
• Performs root cause analysis, develops remediation plans, and works with SMEs to ensure proper execution of corrective action plans.
• Works with SMEs to determine mitigation strategies, and coordinates with affected business units to implement security controls.
• Collects and preserves digital evidence in a forensically sound manner according to best practices.
• Documents incident findings, evidence, analysis steps, and creates after-action reports and recommendations.
• Engages management to improve organizational security posture.
• Provides input to security infrastructure design based on incident response experience.
• Updates security policies and procedures routinely.
• Focuses on preserving uptime of the production environment and minimizing impact on medical services.

• Broad knowledge of digital processing platforms, hardware, OS, applications, and troubleshooting failures.
• Expertise in Windows OS, working knowledge of Linux/UNIX, familiarity with Android and iOS.
• Malware behavioral analysis skills, static analysis, reverse engineering, binary disassembly.
• Experience with security controls including EDR, forensics tools, anti-virus, intrusion prevention, SIEM.
• Excellent communication and documentation skills.
• Ability to produce reports for senior management, lead teams, and respond quickly to incidents.
• Ability to work in a team in a fast-paced, high-risk environment.

• Master’s degree and 10+ years of experience.
• 7+ years experience with enterprise forensic software.
• 10+ years in Cyber Security focused on Incident Response or Forensics.
• Certifications such as EnCE, GCFE, GCFA, GREM, CISA, CISM, etc.

• Degree or 10+ years experience.
• 15+ years in IT.
• Multiple forensic platform experience.
• Expertise in malware analysis, networking, security controls.
• Strong communication, leadership, and project management skills.

• Contract through year-end with potential extension or perm conversion.
• Remote work anywhere in the US, preferred locations Colorado or Georgia.
• COVID-19 vaccination and booster required or medical exemption.
• Must pass background check, drug screen, employment verification.
• US Citizen or Green Card holder required; no visa sponsorship.
• W2 only, no sub vendors.
• Include contact info on resume.

To apply, email your details to careers@itmpowered.com.