Crowe
Incident Response Senior Staff
The Incident Response Senior Staff position at Crowe LLP is a client-facing role designed for professionals in the field of cybersecurity, particularly within incident response (IR). This position requires a higher level of ownership and responsibility compared to entry-level roles, demanding creativity, critical thinking, and the ability to manage complex IR engagements. The successful candidate will engage directly with clients, leading calls and handling deliverables such as analysis and report drafting. This role is ideal for individuals who are passionate about cybersecurity and are eager to apply their expertise in a dynamic, market-facing environment, contributing to the protection and recovery of client systems under attack.

Responsibilities
Interact directly with clients during Incident Response (IR) engagements, providing expert guidance and support.
Coordinate with IR team members and external resources to execute and complete IR engagements effectively.
Investigate security incidents, including Business Email Compromise, Ransomware attacks, and Data breaches.
Assist with on-site incident response engagements, either as the sole on-site resource or in collaboration with other personnel.
Collect and analyze forensic evidence from impacted systems to support investigations.
Conduct threat hunting activities using EDR, SIEM, and application logs to identify and remediate threat actor entry and persistence methods.
Assist with the secure recovery of client environments, ensuring minimal disruption to business operations.
Prepare detailed reports covering the findings of investigations, providing actionable insights and recommendations.
Apply incident response knowledge to enhance ongoing cybersecurity practices and strategies.

Requirements
Commitment to and proven track record of continually expanding skillsets and knowledge.
Excellent problem-solving and analytical skills, with a strong attention to detail.
Strong communication and interpersonal skills to effectively interact with clients and team members.
Proven adaptability and a drive to learn and master new technologies.
Ability to maintain focus and composure in high-stress situations.
Willingness to travel 15% of the time or more, as required.
4+ years of experience in Computer Science, Information Technology, or Cybersecurity, or a combination of a minimum of 2 years of experience with equivalent educational experience (such as a bachelor's or higher degree in a related field, or relevant certifications).
Experience utilizing SIEM or other log aggregation tools such as Splunk, Elastic, FortiSIEM, or Microsoft Sentinel.
Experience with EDR tools like SentinelOne, CrowdStrike, Carbon Black, or Microsoft Defender for Endpoint.
Strong understanding of networking, IT, and cybersecurity concepts.
Proficiency in scripting and command interpreter usage (e.g., Bash, PowerShell, Python).
Strong documentation skills.

Preferred Qualifications
Previous incident response experience.
Relevant certifications such as Red Hat Certified Systems Administrator (RHCSA), Linux Foundations Certified Systems Administrator (LFCS), GIAC Certified Incident Handler (GCIH), GIAC Certified Detection Analyst (GCDA), GIAC Public Cloud Security (GPCS), GIAC Cloud Forensics Responder (GCFR), CompTIA Cyber Security Analyst+ (CySA+), CompTIA Advanced Security Practitioner (CASP+), ISC2 Certified Information Systems Security Professional (CISSP), ISC2 Certified Cloud Security Professional (CCSP), EC-Council Certified Incident Handler (ECIH), EC-Council Certified Ethical Hacker (CEH), Cisco Certified Network Professional Security (CCNP Security), Microsoft Certified Azure Security Engineer Associate (AZ-500), AWS Certified Security Specialty, or Google Professional Cloud Security Engineer.
Experience writing detailed incident reports.
Experience with hypervisors (ESXI, Microsoft Hyper-V, etc.).
Active Directory administration and buildout experience.
Experience with backup software (VEEAM, Rubrik, Datto, Druva, Commvault, etc.).
Experience investigating cloud-based security incidents (AWS, O365, Google Workspace).
Experience managing and reviewing network hardware configurations (Firewalls, Switches, Routers).
Experience with identity and access management solutions (Okta, Duo, etc.).
Experience with digital forensics collection.

We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Crowe, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $84,700.00 - $168,900.00 per year.

Crowe LLP provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.