The Restoration Services Engineer supports Arete’s clients through initial Incident Response and Core Services, EDR Installation, Data Acquisition, Infrastructure Recovery/Restoration and Decryption/Remediation. You will also facilitate collaboration between the Onsite Team (OST), clients, and internal stakeholders.  

ROLES & RESPONSIBILITIES  

• Establishes a professional rapport and communication channel between internal stakeholders and the Engagement Team 

• Supports the client when an engagement requires them to physically perform our Core Services remotely 

• Effectively communicates technical subject matter to a non-technical audience 

• Ensures EDR rollout is conducted in a prompt, methodical and thorough manner 

• Installs Arete’s supports tool in client environment 

• Creates tools packages for client and engagement team troubleshooting 

• Performs typical collections (triage/host with FTK Imager and Arete Collector) 

• Troubleshoots EDR networking issues 

• Is the driving force in the development, documentation, and use of new tools, scripts, processes, or other logistical methodologies to enhance incident response investigative processes 

• Conducts host forensics, network, forensics, log analysis, and malware triage in support of incident response investigations as required 

• Recognizes and codifies attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations 

• Develops comprehensive and accurate reports and presentations for both technical and executive audiences 

• Collects and documents client data supporting Post-IR opportunities and lessons learned 

• Works with security and IT operations to implement remediation plans in response to incidents 

• Demonstrates alignment to the Arete Excellence Model  

• May perform other duties as assigned by management 

DISCLAIMER 

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.   

SKILLS AND KNOWLEDGE  

• General knowledge of Incident Response lifecycle 

• Experience with installation, configuring, and troubleshooting network and system hardware 

• General knowledge of networking to include DHCP, DNS, Subnetting, VLANs, and authentication., and the ability to troubleshoot and resolve issues 

• Advanced experience with desktop operating systems, especially Microsoft Windows 10 and 11; OSX and Linux, preferred 

• Experience with MS Windows Server 2012, 2016, 2019, and 2022, to include installation, setup and configuration 

• Experience with setting up and configuring a Windows Domain, as well as troubleshooting and resolving issues 

• Familiar with backup and restore operations 

• Demonstrated knowledge of data encryption technologies 

• Ability to read and understand network diagrams 

• Data recovery skills or experience, good understanding of data structures, file system formats, RAID configurations, and storage configurations  

• Experience with scripting for automation, Powershell/Bash/Python, etc. 

• Flexibility to work with many different Incident Response tool sets 

• Effective communication skills, professional demeanor, and customer service focused 

• Understanding of current computer systems, security, and infrastructure 

• Priority management and problem-solving skills 

• Strong personal organization, time management skills, sense of teamwork and collaboration 

JOB REQUIREMENTS  

• Bachelor's Degree and 4+ years of experience working in IT operations and administrating IT systems or Master's or Advanced Degree and 3+ years related experience  

• Technical competencies in at least 5 of the following areas: Virtualization, Windows Server, Linux/Unix, LDAP/Active Directory, DNS, Networking, Firewalls, Scripting/PowerShell, Cloud Solutions (Azure, AWS, etc), Microsoft 365, Information Security, SaaS integrations, MDM, SIEM Platforms 

• Proficient with three or more technologies: Multi-factor Authentication, Storage solutions, Hypervisors, Operating Systems, Networking, System Administration, Remote Monitoring and Management tools (RMMs), Log Aggregation and Collections, etc. 

• Technical Certifications such as Cisco Networking, Security +, Microsoft Server/Azure, etc., preferred 

• Self-motivated and able to work independently 

• Ability to travel domestically up to 50% and work onsite at client sites as required 

WORK ENVIRONMENT 

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job. 

PHYSICAL DEMANDS  

• No physical exertion required 

• Travel within or outside of state 

• Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects