Head of Incident Response

What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.

Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now Blackberry), Accuvant (now Optiv), Fireye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.

As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.

The Role:

Halcyon is passionately committed to forging an innovative anti-ransomware solution, pushing the boundaries of what a security product can accomplish in the contemporary cyber threat landscape. With this in mind, we are seeking a Head of Incident Response to fill a vital role, necessitating a complex blend of high-level analytical skills, customer facing capabilities, and incident response/digital forensic (“DFIR”) experience.

The ideal candidate will play a key role in delivering technical services to ransomware victims and Halcyon customers to provide data recovery and/or DFIR services. This includes strong technical knowledge of ransomware Tools, Tactics, and Procedures (“TTPs”) and be able to facilitate projects at an executive and technical level. Our ideal candidate can coordinate with technical staff, executive leadership, internal and external clients, and legal counsel.

The goal is to support our customers with the highest possible service, allowing them to recover as gracefully as possible from a disruptive ransomware event.

Responsibilities:

1. Hire, lead, and develop a highly technical consulting workforce. Responsible for the career growth, training, and development of workforce skills and capabilities.

2. Lead engagements and facilitate all functions both internal and external during professional services engagement.

3. Determine the tools, processes, and procedures to operate our professional services organization.

4. Collaborate with internal and customer teams to investigate and contain incidents.

5. Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.

6. Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOC) that can be applied to current and future investigations.

7. Build scripts, tools, or methodologies to enhance Halcyon’s incident investigation processes.

8. Develop and present comprehensive and accurate reports, training's and presentations for both technical and executive audiences.

9. Collaborate with cross-functional teams like Customer Success and Engineering to ensure efficient communication and coordination during security events. Work alongside these teams to aid customers in mitigating attacks and participate in post-incident reviews, sharing knowledge and best practices with the team to enhance future threat detection and response initiatives.

10. Perform the technical design and implementation of the Halcyon software on customer networks.

11. Ability to travel up to 35% of the time as needed.
    
    

Technical Skills and Qualifications:

1. Experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, Velociraptor, OSQuery, and other tools for host and network analysis.

2. Quick decision-making skills and expertise in incident prioritization and response.

3. Experience in alert correlation tools to detect and handle security incidents effectively (Sigma, SPL/KQL)

4. Strong demonstrated recent experience with scripting languages (Python, Shell Script, etc.) for task automation.

5. Strong technical experience in three of the five areas below

   • Host forensics (Windows / Mac / Linux)

   • Network traffic analysis

   • Log Review

   • Malware triage

   • Cloud technologies, including AWS, Azure, and GCP
     
     

General Skills and Qualifications:

1. Ability to build relationships with and understand business needs of customers and deliver demonstrable value

2. Experience as an incident commander during cybersecurity events, capable of coordinating all aspects of the response activities to internal and external parties.

3. Ability to multitask, prioritize, and take-charge during stressful situations

4. Excellent interpersonal skills for effective cross-functional collaboration; ability to clearly convey technical information to non-technical team members.

5. Experience with executing software and/or network projects through the complete engineering process.

6. Experience documenting and automating repetitive tasks and playbooks

7. Willingness to participate in an on call rotation that may include evening/weekend work, as required

8. BS/CS degree, or equivalent experience.

Bonus Skills and Qualifications: Additional skills and qualifications that may apply

1. Binary Disassembly and Reverse Engineering: Proficiency in using binary disassembly tools such as IDA Pro or Ghidra, coupled with strong skills in reverse engineering. This includes a particular focus on analyzing and understanding malware behaviors.

2. Relevant industry certifications, such as but not limited to GIAC Certified Incident Analyst (GCIA), Certified Computer Security Incident Handler (CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), CREST Certified Incident Manager, or CREST Certified-Network Intrusion Analyst Certification

Benefits:

Halcyon offers the following benefits to eligible employees:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.

• Short and long-term disability coverage, basic life and AD&D insurance plans.

• Medical and dependent care FSA options.

• 401k plan with a generous employer contribution.

• Flexible PTO policy.

• Parental leave.

• Generous equity offering.

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Base Salary Range: $165,000 - $190,000

In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.

We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.