Incident Response Principal

  • Individual Contributor
  • Remote-Friendly
  • Remote, US (Remote)
  • This position has been filled
  • Experience level: 5+ years

Website zerofox ZeroFox

This content was reproduced from the employer’s website on May 3, 2023. Please visit their website below for the most up-to-date information about this position.

ZeroFox seeks an Incident Response Principal to leverage their experience and skills to deliver cybersecurity guidance and services to clients preparing and responding to cyber incidents. In this role, you will use your deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers. You bring specialized experience with the desire to learn more. The successful candidate will be passionate about cyber security, digital investigations and continuous learning and possess sound business judgment, strong consulting skills, and current technical skills. Candidates will be expected to be skilled at responding to cybersecurity incidents under tight deadlines and be able to explain technical concepts to a non-technical audience.


    • Investigate network intrusions and other cybersecurity incidents to understand the cause and extent of the breach.
    • Perform host-based and network-based analysis across all major operating systems and network device platforms.
    • Produce high-quality oral and written work products based on analysis.
    • Assist with internal practice development and training initiatives.
    • Ability to perform malware analysis.
    • Develop and refine policies and procedures for forensic and malware analysis.
    • Experience with scripting and command-line tools.
    • Ability to provide after-hours support as needed.

Desired qualifications and skills

    • Conduct technical investigations including acquisition, triage, and analysis
    • Strong written and oral communication skills; comfortable with providing briefings and presentations.
    • Deploy security tools to assist with detecting, responding, containing, and remediating threats.
    • Able to solve problems in fast-paced situations and implement countermeasures.
    • Experience writing detections and perform threat hunting using EDR and SIEM technologies.
    • Familiarity with the Mitre ATT&CK framework.
    • Security related certifications preferred (GIAC GCIH, GCFA, CISSP, CEH, etc.)
    • 5+ years of hand-on experience in digital forensics and incident response