Incident Response Recovery Engineer (m/f/d)

Incident Response Recovery Engineer (m/f/d)
Remote/Frankfurt, Germany

About Arctic Wolf:

At Arctic Wolf, our mission is to minimise cyber risks. As a leader in security operations, we are looking for a dedicated and experienced Incident Response Recovery Engineer (m/f/d) to join our team in Frankfurt. This is your chance to make a real impact in cybersecurity.

General
 

Participation in escalation services during the week and on-call duties on weekends/holidays
Conducting audits and peer reviews of incident reports
Promotes the exchange of information and cooperation
 

Technical competences

Support for rebuilding Active Directory domains/networks after an attack by restoring from available backups, using decryption tools, etc.
Troubleshooting for common domain technologies such as DHCP and DNS
Configuration of hypervisors, backup systems, firewalls and other network technologies
Collection of relevant evidence from local and cloud-based environments, including Windows hosts, Linux hosts and various network telemetry sources
Conducting all aspects of a Business Email Compromise ("BEC") investigation, including delineation, data collection and analysis, and reporting
Data recovery from affected systems using various data recovery techniques/technologies
 

Communication and customer service
 

Communication with the customer's technical staff throughout the recovery process
Communication of results both at management level and in technical detail - verbally and in writing - with support from experienced team members if required
 

Key competences

System administration and troubleshooting
Configuration of Active Directory
Network design and infrastructure
Virtualisation technologies
 

Minimum qualifications

At least three years of professional experience in the field of restoration, troubleshooting, configuration and network maintenance, e.g. as a Restoration & Remediation Engineer, Post Breach Remediation Consultant, System Administrator or in a comparable position
Ability to respond to requests and work outside of regular working hours
Routine in setting up new domain controllers, assuming Flexible Single Master Operations (FSMO) roles, DNS troubleshooting, restoring System Volumes (SYSVOL) and rebuilding Distributed File System Replication (DFSR) or File Replication Service (FRS)
Confident in network configuration and troubleshooting as well as good knowledge of deployment management systems and imaging solutions
Familiar with firewalls, VPNs, Active Directory, group policies, Linux and Windows systems
Basic knowledge of hypervisors such as ESXi / VMware or Hyper-V
Business Fluent in German and English
 

Preferred qualifications

Bachelor's degree in information security, digital forensics, computer science or a related field
Familiarity with various backup solutions (VEEAM, Datto, Barracuda, etc.)
Knowledge of decryption programmes provided by attackers
Automation of tasks with PowerShell, Python or another suitable scripting language

What we offer you:

A motivated, supportive team with a strong mentoring approach.
An environment in which you can develop further - both technically and as a consultant.
Attractive remuneration including company shares.
Permanent employment contract with 30 days holiday.
A modern office in the heart of Frankfurt and high-quality equipment (Mac).
Personal development through training and certifications.
Team events and a positive, learning-orientated corporate culture.
 

Ready to make a real difference?

Then we look forward to receiving your application! Send us your CV - including references and certificates. Become part of one of the most innovative and fastest growing cybersecurity companies in the world.