Incident Response Senior Staff

Your Journey at Crowe Starts Here:

At Crowe, you can build a meaningful and rewarding career. With real flexibility to balance work with life moments, you're trusted to deliver results and make an impact. We embrace you for who you are, care for your well-being, and nurture your career. Everyone has equitable access to opportunities for career growth and leadership. Over our 80-year history, delivering excellent service through innovation has been a core part of our DNA across our audit, tax, and consulting groups. That's why we continuously invest in innovative ideas, such as AI-enabled insights and technology-powered solutions, to enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry.

Job Description:

The Incident Response Senior Staff position at Crowe LLP is a client-facing role designed for professionals in the field of cybersecurity, particularly within incident response (IR). This position requires a higher level of ownership and responsibility compared to entry-level roles, demanding creativity, critical thinking, and the ability to manage complex IR engagements. The successful candidate will engage directly with clients, leading calls and handling deliverables such as analysis and report drafting. This role is ideal for individuals who are passionate about cybersecurity and are eager to apply their expertise in a dynamic, market-facing environment, contributing to the protection and recovery of client systems under attack.

• Interact directly with clients during Incident Response (IR) engagements, providing expert guidance and support.
• Coordinate with IR team members and external resources to execute and complete IR engagements effectively.
• Investigate security incidents, including Business Email Compromise, Ransomware attacks, and Data breaches.
• Assist with on-site incident response engagements, either as the sole on-site resource or in collaboration with other personnel.
• Collect and analyze forensic evidence from impacted systems to support investigations.
• Conduct threat hunting activities using EDR, SIEM, and application logs to identify and remediate threat actor entry and persistence methods.
• Assist with the secure recovery of client environments, ensuring minimal disruption to business operations.
• Prepare detailed reports covering the findings of investigations, providing actionable insights and recommendations.
• Apply incident response knowledge to enhance ongoing cybersecurity practices and strategies.

• Commitment to and proven track record of continually expanding skillsets and knowledge.
• Excellent problem-solving and analytical skills, with a strong attention to detail.
• Strong communication and interpersonal skills to effectively interact with clients and team members.
• Proven adaptability and a drive to learn and master new technologies.
• Ability to maintain focus and composure in high-stress situations.
• Willingness to travel 15% of the time or more, as required.
• 4+ years of experience in Computer Science, Information Technology, or Cybersecurity, or a combination of a minimum of 2 years of experience with equivalent educational experience (such as a bachelor's or higher degree in a related field, or relevant certifications).
• Experience utilizing SIEM or other log aggregation tools such as Splunk, Elastic, FortiSIEM, or Microsoft Sentinel.
• Experience with EDR tools like SentinelOne, CrowdStrike, Carbon Black, or Microsoft Defender for Endpoint.
• Strong understanding of networking, IT, and cybersecurity concepts.
• Proficiency in scripting and command interpreter usage (e.g., Bash, PowerShell, Python).
• Strong documentation skills.

• Previous incident response experience.
• Relevant certifications such as Red Hat Certified Systems Administrator (RHCSA), Linux Foundations Certified Systems Administrator (LFCS), GIAC Certified Incident Handler (GCIH), GIAC Certified Detection Analyst (GCDA), GIAC Public Cloud Security (GPCS), GIAC Cloud Forensics Responder (GCFR), CompTIA Cyber Security Analyst+ (CySA+), CompTIA Advanced Security Practitioner (CASP+), ISC2 Certified Information Systems Security Professional (CISSP), ISC2 Certified Cloud Security Professional (CCSP), EC-Council Certified Incident Handler (ECIH), EC-Council Certified Ethical Hacker (CEH), Cisco Certified Network Professional - Security (CCNP Security), Microsoft Certified Azure Security Engineer Associate (AZ-500), AWS Certified Security - Specialty, or Google Professional Cloud Security Engineer.
• Experience writing detailed incident reports.
• Experience with hypervisors (ESXI, Microsoft Hyper-V, etc.).
• Active Directory administration and buildout experience.
• Experience with backup software (VEEAM, Rubrik, Datto, Druva, Commvault, etc.).
• Experience investigating cloud-based security incidents (AWS, O365, Google Workspace).
• Experience managing and reviewing network hardware configurations (Firewalls, Switches, Routers).
• Experience with identity and access management solutions (Okta, Duo, etc.).
• Experience with digital forensics collection.

This position offers a challenging and rewarding opportunity for seasoned cybersecurity professionals to lead and innovate in the field of incident response, making a significant impact on the security and resilience of our clients' operations.

We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.

Our Benefits:
Your exceptional people experience starts here. At Crowe, we know that great peopleare what makes a great firm. We care about our people and offer employees a comprehensive total rewards package. Learn more about what working at Crowe can mean for you!

How You Can Grow:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations. Learn more about where talent can prosper!

More about Crowe:
Crowe (www.crowe.com) is one of the largest public accounting, consulting and technology firms in the United States. Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk and performance services. Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world.

Crowe LLP provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Crowe LLP does not accept unsolicited candidates, referrals or resumes from any staffing agency, recruiting service, sourcing entity or any other third-party paid service at any time. Any referrals, resumes or candidates submitted to Crowe, or any employee or owner of Crowe without a pre-existing agreement signed by both parties covering the submission will be considered the property of Crowe, and free of charge.

Crowe will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. Please visit our webpage to see notices of the various state and local Ban-the-Box laws and Fair Chance Ordinances, where applicable.