Cyber Incident Handler – Principal (BHJOB22048_763)

Join to apply for the Cyber Incident Handler – Principal (BHJOB22048_763) role at ITmPowered Consulting.

**Cyber Security Incident Handler (Principal) – Remote – KAISJP00211866**

The Incident Handler uses incident response, investigative, and forensics skills to determine the extent of a breach, the containment measures required, and the overall response needed. This includes appropriate data collection, preservation, mitigation, remediation requirements, and security improvement plans. The Incident Handler will utilize forensic best practices and provide chain of custody services for criminal investigations (e.g., employee situations, fraud). The role may involve working on different teams depending on the incident type or pre-incident activities.

1. Evaluate processes, services, drivers, libraries, binaries, scripts, memory, network traffic, files, emails, and other artifacts for anomalies, security exploitation, and unauthorized access.
2. Identify attack vectors, social engineering attempts, exploits, malicious code, C2 activity, and persistence mechanisms.
3. Determine containment controls to halt ongoing attacks on affected resources.
4. Identify mitigation controls to prevent future attacks.
5. Analyze to determine breach scope, risk, and impact.
6. Conduct root cause analysis, develop remediation plans, and coordinate with SMEs for proper execution.
7. Collaborate with SMEs to determine mitigation strategies and coordinate with affected units.
8. Collect and preserve digital evidence according to best practices.
9. Document incident findings, evidence, analysis steps, and prepare reports and recommendations.
10. Engage management to improve organizational security posture.
11. Contribute to security infrastructure design based on incident response insights.
12. Update security policies and procedures routinely.
13. Focus on preserving uptime and minimizing impact on medical services.

• Broad knowledge of digital processing platforms, hardware, OS, applications, and troubleshooting skills.
• Expertise in Windows OS and working knowledge of Linux/UNIX, Android, iOS.
• Skills in malware behavioral analysis, static analysis, reverse engineering, and disassembly.
• Experience with security controls including EDR, forensics tools, SIEM (e.g., Splunk), and others.
• Excellent communication, documentation, and reporting skills.
• Ability to lead, respond quickly to security incidents, and manage elevated access responsibly.
• Teamwork in high-pressure environments.

• Master’s degree and 10+ years of related experience.
• 7+ years hands-on with forensic software and investigations.
• 10+ years in cybersecurity focusing on incident response or forensics.
• Certifications such as EnCE, GCFE, GCFA, GCIH, GREM, CISA, CISM, or similar.

• Degree in related field or 10+ years of experience.
• 15+ years in IT.
• Multiple OS expertise and forensic artifacts knowledge.
• Shell scripting skills in multiple languages.
• Understanding of malware methodologies and network analysis skills.
• Experience with forensic platforms like EnCase, FTK, Nuix, X-Ways.
• Strong communication, leadership, and incident management skills.

• Remote work in the US, preferred locations Colorado or Georgia.
• COVID-19 vaccination and booster required or medical exemption.
• Pass a background check, drug screen, and employment verification.
• US citizen or Green Card holder only; no visa sponsorship.
• W2 employment only; no vendors or sponsorship.
• Include contact info on resume.

To apply, email your details to Careers@itmpowered.com.