Manager, Recovery & Restoration

GuidePoint Security

📍 Remote - Worldwide

Summary

Join GuidePoint Security's Ransomware Recovery & Restoration Team as a Manager, leading a team of skilled recovery engineers and shaping the future of ransomware recovery. You will define and evolve processes, playbooks, and team structure, collaborating with Incident Response and Threat Actor Communications teams. This role demands a strong cybersecurity/IT foundation, crisis leadership, client-facing consulting experience, and a collaborative approach. Responsibilities include team management, engagement oversight, cross-team collaboration, process improvement, and reporting. The ideal candidate possesses extensive experience in cybersecurity and leadership, a deep understanding of enterprise infrastructure, and exceptional communication skills.

Requirements

  • 7+ years of experience in cybersecurity, infrastructure engineering, system administration, or digital forensics, with at least 2 years in a leadership role
  • Experience designing or scaling technical recovery, remediation, or incident response functions
  • Strong understanding of enterprise infrastructure (Windows/Linux systems, Active Directory, virtualization, storage, networking, firewalls)
  • Hands-on experience with ransomware recovery, backup validation, or post-compromise remediation
  • Exceptional communication, stakeholder management, and crisis leadership skills

Responsibilities

  • Function Development & Ownership: Serve as a key stakeholder leading the design, development, and operationalization of the Ransomware Recovery & Restoration team
  • Develop and continuously improve recovery workflows, standard operating procedures (SOPs), tooling, metrics, and service offerings
  • Contribute to long-term strategy and capability roadmaps for the restoration function within GuidePoint Security, in coordination with IR and TAC leadership
  • Help drive business strategy and considerations in collaboration with other internal functions
  • Team Leadership & Management: Recruit, lead, and mentor a team of engineers tasked with restoring business-critical systems following ransomware attacks
  • Oversee resourcing, scheduling, performance management, and skill development for team members
  • Foster a mission-focused, high-accountability team culture
  • Engagement Oversight: Lead and coordinate ransomware recovery engagements including IR tooling deployment, infrastructure rebuilding, user/system restoration, and post-incident validation
  • Ensure consistent execution in line with best practices and client needs
  • Act as the senior escalation point for complex technical or stakeholder challenges during recovery operations
  • Cross-Team Collaboration: Act as the key point of alignment between Recovery, Incident Response, and Threat Actor Communications teams
  • Ensure coordination of timelines, technical actions, and client messaging across teams during active engagements
  • Support post-incident reviews and knowledge-sharing across the broader security/IT organization
  • Client Engagement: Interface directly with client stakeholders during incidents, providing clear and technically sound guidance throughout the recovery process
  • Support engagement scoping, expectations management, and post-recovery reporting
  • Process Improvement & Reporting: Continuously assess and enhance team performance, operational efficiency, and client satisfaction
  • Track and report on team metrics, hours submission, utilization goals, recovery timelines, and engagement outcomes
  • Identify and champion automation opportunities, new tooling, and operational refinements

Preferred Qualifications

  • Experience with Ransomware and other Incident Response efforts requiring Recovery and Restoration assistance, and collaborating with or leading Incident Response and/or Threat Actor Communications efforts
  • Knowledge of common ransomware variants and behaviors, negotiation considerations, and post-infection workflows
  • Familiarity with tools such as Veeam, Acronis, Commvault, forensic imaging software, or endpoint detection solutions
  • Certifications such as GCFA, GCIH, CISA, CISSP, or related

Benefits

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family)) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans (spouse/children/family), and GPS will contribute in one lump sum: $500 per EE annually / $1000 per family annually (includes spouse/children/family options))
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option
