Lead Consultant (1099): IR/Forensics Practice

Lead Consultant for the IR/Forensics Practice

Employment Type: 1099/Independent Consultant
Location: Scottsdale, AZ preferred/ remote locations will be considered.

Job Description
The Lead Consultant will be part of the Incident Response and Forensics practice, whose services include emergency incident response as well as incident preparation services. The Lead Consultant will act as an Incident Commander on customer incidents, perform forensic investigation activities during suspected security events, manage customer recovery, and provide expert incident response reports. Skills include resolving highly complex intrusion scenarios using host, cloud, network, log, IDS and device analysis and forensics. As a Lead Consultant you will respond to, analyze, diagnose, and report on attack events as well as recommend counter measures to attacks and other malicious activity. Lead Consultants must also be able to develop IR Plans and Playbooks and run IR Tabletop Exercises.

Duties and Requirements

• Available 24/7 for incoming IR work, based on an on-call rotation of 2 weeks on, 4 weeks off on-call rotation
• Mostly remote work but some infrequent emergency travel is required
• Able to act as an Incident Commander for customers, lead a response and recovery effort on their behalf
• Assist and lead in the creation of IR Plan and Playbook Development
• Develop policies and procedures to investigate malware incidents for the entire computer network
• Assists in the development and delivery of malware security awareness products and briefings
• Lead in IR Tabletop Exercises

Good to have:

• CISSP/CISM
• GIAC Certified Forensic Examiner (GCFE), GIAC Experienced Forensics Examiner (GX-FE), GIAC Enterprise Incident Response (GEIR), GIAC Cloud Forensics Responder (GCFR), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), GIAC Certified Incident Handler Certification (GCIH), GIAC Response and Industrial Defense (GRID), GIAC Experienced Forensics Analyst (GX-FA), GIAC Linux Incident Responder (GLIR)
• Experience with standards framework assessments

Required Skills/Abilities

• 5+ years of experience in incident response and forensic investigations
• Experienced in disk, M365, cloud and network investigations and forensics, required
• Proficient at IR/Forensics and TTE After-Action Report writing, required
• Strong analytical and problem-solving skills with the ability to tackle complex challenges.
• Effective communication skills, both written and verbal, to document and share knowledge.
• Ability to adapt and thrive in a fast-paced, evolving technical landscape.
• Proven ability to problem-solve and think critically in a fast-paced environment.

All candidates must be eligible to work in the U.S. for any employer and must be able to pass a background check.
Lumifi welcomes and encourages diversity in our workplace. As an EEO employer all applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, pregnancy, age, disability, genetic disposition, past or present military service or any other classification protected by law.