Head of Incident Response

The Role:

Halcyon is passionately committed to forging an innovative anti-ransomware solution, pushing the boundaries of what a security product can accomplish in the contemporary cyber threat landscape. With this in mind, we are seeking a Head of Incident Response to fill a vital role, necessitating a complex blend of high-level analytical skills, customer facing capabilities, and incident response/digital forensic (“DFIR”) experience.

The ideal candidate will play a key role in delivering technical services to ransomware victims and Halcyon customers to provide data recovery and/or DFIR services. This includes strong technical knowledge of ransomware Tools, Tactics, and Procedures (“TTPs”) and be able to facilitate projects at an executive and technical level. Our ideal candidate can coordinate with technical staff, executive leadership, internal and external clients, and legal counsel.

The goal is to support our customers with the highest possible service, allowing them to recover as gracefully as possible from a disruptive ransomware event.

Responsibilities:

1. Hire, lead, and develop a highly technical consulting workforce. Responsible for the career growth, training, and development of workforce skills and capabilities.

2. Lead engagements and facilitate all functions both internal and external during professional services engagement.

3. Determine the tools, processes, and procedures to operate our professional services organization.

4. Collaborate with internal and customer teams to investigate and contain incidents.

5. Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.

6. Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOC) that can be applied to current and future investigations.

7. Build scripts, tools, or methodologies to enhance Halcyon’s incident investigation processes.

8. Develop and present comprehensive and accurate reports, training's and presentations for both technical and executive audiences.

9. Collaborate with cross-functional teams like Customer Success and Engineering to ensure efficient communication and coordination during security events. Work alongside these teams to aid customers in mitigating attacks and participate in post-incident reviews, sharing knowledge and best practices with the team to enhance future threat detection and response initiatives.

10. Perform the technical design and implementation of the Halcyon software on customer networks.

11. Ability to travel up to 35% of the time as needed.
    
    

Technical Skills and Qualifications:

1. Experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, Velociraptor, OSQuery, and other tools for host and network analysis.

2. Quick decision-making skills and expertise in incident prioritization and response.

3. Experience in alert correlation tools to detect and handle security incidents effectively (Sigma, SPL/KQL)

4. Strong demonstrated recent experience with scripting languages (Python, Shell Script, etc.) for task automation.

5. Strong technical experience in three of the five areas below

   • Host forensics (Windows / Mac / Linux)

   • Network traffic analysis

   • Log Review

   • Malware triage

   • Cloud technologies, including AWS, Azure, and GCP
     
     

General Skills and Qualifications:

1. Ability to build relationships with and understand business needs of customers and deliver demonstrable value

2. Experience as an incident commander during cybersecurity events, capable of coordinating all aspects of the response activities to internal and external parties.

3. Ability to multitask, prioritize, and take-charge during stressful situations

4. Excellent interpersonal skills for effective cross-functional collaboration; ability to clearly convey technical information to non-technical team members.

5. Experience with executing software and/or network projects through the complete engineering process.

6. Experience documenting and automating repetitive tasks and playbooks

7. Willingness to participate in an on call rotation that may include evening/weekend work, as required

8. BS/CS degree, or equivalent experience.

Bonus Skills and Qualifications: Additional skills and qualifications that may apply

1. Binary Disassembly and Reverse Engineering: Proficiency in using binary disassembly tools such as IDA Pro or Ghidra, coupled with strong skills in reverse engineering. This includes a particular focus on analyzing and understanding malware behaviors.

2. Relevant industry certifications, such as but not limited to GIAC Certified Incident Analyst (GCIA), Certified Computer Security Incident Handler (CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), CREST Certified Incident Manager, or CREST Certified-Network Intrusion Analyst Certification

Benefits:

Halcyon offers the following benefits to eligible employees:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.

• Short and long-term disability coverage, basic life and AD&D insurance plans.

• Medical and dependent care FSA options.

• 401k plan with a generous employer contribution.

• Flexible PTO policy.

• Parental leave.

• Generous equity offering.

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Base Salary Range: $165,000 - $190,000