Incident Response Principal
Savannah, GA /
Operations – Response /
ZeroFox seeks an Incident Response Principal to leverage their experience and skills to deliver cybersecurity guidance and services to clients preparing and responding to cyber incidents. In this role, you will use your deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers. You bring specialized experience with the desire to learn more. The successful candidate will be passionate about cyber security, digital investigations and continuous learning and possess sound business judgment, strong consulting skills, and current technical skills. Candidates will be expected to be skilled at responding to cybersecurity incidents under tight deadlines and be able to explain technical concepts to a non-technical audience.
- Investigate network intrusions and other cybersecurity incidents to understand the cause and extent of the breach.
- Perform host-based and network-based analysis across all major operating systems and network device platforms.
- Produce high-quality oral and written work products based on analysis.
- Assist with internal practice development and training initiatives.
- Ability to perform malware analysis.
- Develop and refine policies and procedures for forensic and malware analysis.
- Experience with scripting and command-line tools.
- Ability to provide after-hours support as needed.
Desired qualifications and skills
- Conduct technical investigations including acquisition, triage, and analysis
- Strong written and oral communication skills; comfortable with providing briefings and presentations.
- Deploy security tools to assist with detecting, responding, containing, and remediating threats.
- Able to solve problems in fast-paced situations and implement countermeasures.
- Experience writing detections and perform threat hunting using EDR and SIEM technologies.
- Familiarity with the Mitre ATT&CK framework.
- Security related certifications preferred (GIAC GCIH, GCFA, CISSP, CEH, etc.)
- 5+ years of hand-on experience in digital forensics and incident response
- Competitive compensation and benefits
- Community-driven culture
- Generous time off
- Comprehensive health benefits & 401(k) plan
- Fun, modern workspace with regular team events
- Wellness offerings
- Ready to apply? Visit us at https://www.zerofox.com/careers to find out more and join the best team in the security industry.
- Not ready to apply? Email careers_at_zerofox_dot_com to speak with a member of the team!
- Work to be performed entirely outside of the state of Colorado
ZeroFox’s mission is clear: we protect customers - their data, their assets and their people - across the internet. Through AI-powered technology, global intelligence collection and services provided by a team of expert analysts and threat hunters, we give customers the protection and intelligence needed to disrupt a new era of attacks on the surface, deep and dark web. Now is a great time to join the Fox Den: we recently announced our intent to become a publicly traded company via a merger with L&F Acquisition Corp. and were named a Top Workplace by the Baltimore Sun. With $150M+ in funding to date, recognition from Forrester as best-in-class in brand intelligence and numerous awards and honors, joining the ZeroFox team means joining a culture that is committed to excellence and growth. That means committing to the success of each of our employees so you can be the best version of yourself on the best team. If you’re ready to join a team that is mission-oriented, customer-focused, collaborative and dedicated, you’ve come to the right place.
Equal Opportunity, Diversity & Inclusion
We aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.