Head of Incident Response
Remote
Applications have closed
Halcyon
Halcyon is the cyber resilience platform that Global 2000 companies rely upon to defeat ransomware-as-a-service-borne attacks. With the fastest endpoint recovery methods ever built and multiple layers of resiliency, including bypass and evasion...What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.
Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now Blackberry), Accuvant (now Optiv), Fireye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.
As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.
The Role:
Halcyon is passionately committed to forging an innovative anti-ransomware solution, pushing the boundaries of what a security product can accomplish in the contemporary cyber threat landscape. With this in mind, we are seeking a Head of Incident Response to fill a vital role, necessitating a complex blend of high-level analytical skills, customer facing capabilities, and incident response/digital forensic (“DFIR”) experience.
The ideal candidate will play a key role in delivering technical services to ransomware victims and Halcyon customers to provide data recovery and/or DFIR services. This includes strong technical knowledge of ransomware Tools, Tactics, and Procedures (“TTPs”) and be able to facilitate projects at an executive and technical level. Our ideal candidate can coordinate with technical staff, executive leadership, internal and external clients, and legal counsel.
The goal is to support our customers with the highest possible service, allowing them to recover as gracefully as possible from a disruptive ransomware event.
Responsibilities:
-
Hire, lead, and develop a highly technical consulting workforce. Responsible for the career growth, training, and development of workforce skills and capabilities.
-
Lead engagements and facilitate all functions both internal and external during professional services engagement.
-
Determine the tools, processes, and procedures to operate our professional services organization.
-
Collaborate with internal and customer teams to investigate and contain incidents.
-
Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
-
Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOC) that can be applied to current and future investigations.
-
Build scripts, tools, or methodologies to enhance Halcyon’s incident investigation processes.
-
Develop and present comprehensive and accurate reports, training's and presentations for both technical and executive audiences.
-
Collaborate with cross-functional teams like Customer Success and Engineering to ensure efficient communication and coordination during security events. Work alongside these teams to aid customers in mitigating attacks and participate in post-incident reviews, sharing knowledge and best practices with the team to enhance future threat detection and response initiatives.
-
Perform the technical design and implementation of the Halcyon software on customer networks.
-
Ability to travel up to 35% of the time as needed.
Technical Skills and Qualifications:
-
Experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, Velociraptor, OSQuery, and other tools for host and network analysis.
-
Quick decision-making skills and expertise in incident prioritization and response.
-
Experience in alert correlation tools to detect and handle security incidents effectively (Sigma, SPL/KQL)
-
Strong demonstrated recent experience with scripting languages (Python, Shell Script, etc.) for task automation.
-
Strong technical experience in three of the five areas below
-
Host forensics (Windows / Mac / Linux)
-
Network traffic analysis
-
Log Review
-
Malware triage
-
Cloud technologies, including AWS, Azure, and GCP
-
General Skills and Qualifications:
-
Ability to build relationships with and understand business needs of customers and deliver demonstrable value
-
Experience as an incident commander during cybersecurity events, capable of coordinating all aspects of the response activities to internal and external parties.
-
Ability to multitask, prioritize, and take-charge during stressful situations
-
Excellent interpersonal skills for effective cross-functional collaboration; ability to clearly convey technical information to non-technical team members.
-
Experience with executing software and/or network projects through the complete engineering process.
-
Experience documenting and automating repetitive tasks and playbooks
-
Willingness to participate in an on call rotation that may include evening/weekend work, as required
-
BS/CS degree, or equivalent experience.
Bonus Skills and Qualifications: Additional skills and qualifications that may apply
-
Binary Disassembly and Reverse Engineering: Proficiency in using binary disassembly tools such as IDA Pro or Ghidra, coupled with strong skills in reverse engineering. This includes a particular focus on analyzing and understanding malware behaviors.
-
Relevant industry certifications, such as but not limited to GIAC Certified Incident Analyst (GCIA), Certified Computer Security Incident Handler (CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), CREST Certified Incident Manager, or CREST Certified-Network Intrusion Analyst Certification
Benefits:
Halcyon offers the following benefits to eligible employees:
-
Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
-
Short and long-term disability coverage, basic life and AD&D insurance plans.
-
Medical and dependent care FSA options.
-
401k plan with a generous employer contribution.
-
Flexible PTO policy.
-
Parental leave.
-
Generous equity offering.
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
Base Salary Range: $165,000 - $190,000
In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.
We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.
Tags: Automation AWS Azure Cloud CREST DFIR EDR Forensics GCFA GCIA GCP Ghidra GIAC GNFA Incident response Linux Log analysis Malware Python Reverse engineering Scripting SIEM Threat detection Travel TTPs Windows
Perks/benefits: 401(k) matching Career development Equity Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs