Use your LinkedIn profile to find the right job match for you.

Job Match
Skip to main content

Incident Response Lab Tech/Intake Consultant - Secureworks - Remote, USA (west coast preferred)

Denver, Colorado

Apply now
Job ID R030480 Date posted Sep. 06, 2019

Incident Response Lab Tech/Intake Consultant - Secureworks - Remote, US (west coast preferred)

Secureworks® (NASDAQ: SCWX) is a technology-driven cybersecurity leader that protects organizations in the digitally connected world. Built on proprietary technologies and world-class threat intelligence, our applications and solutions help prevent, detect, and respond to cyber threats.  Red Cloak™ software brings advanced threat analytics to thousands of customers, and the Secureworks Counter Threat Platform™ processes over 300B threat events per day. We understand complex security environments and are passionate about simplifying security with Defense in Concert™ so that security becomes a business enabler. More than 4,000 customers across over 50 countries are protected by Secureworks, benefit from our network effect and are Collectively Smarter. Exponentially Safer.™

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.  

Role Overview

The Incident Response/Intake Consultant is a fast paced technical consulting role that is the first interaction many clients have with Secureworks when they seek assistance for cyber incident response, cyber incident preparedness services, and threat intelligence services. A seasoned professional with excellent client interaction skills and appropriate technical knowledge will be successful in this role - focusing on demonstrating excellent client service through facilitating conference calls with prospects and clients to determine the type and scope of the computer security incident they’re experiencing. 
It is critical to the contracting and delivery processes that we obtain correct and thorough technical information about the client environment and current incident, as well as proper project scope with aligned expectations between Secureworks and the prospect or client. This role also provides initial triage instructions to the prospect/client on how to preserve artifacts and initiate standard information gathering activities before transitioning to a service delivery team.

As part of the above described responsibilities, this role will coordinate between stakeholders to include the prospect or client, service delivery specialists, and account executives in order to determine a course of action for incoming service requests. The incumbent will monitor several communication channels, answer inbound telephone calls, address client emails, triage service requests, and coordinate the scheduling of teleconference calls to discuss potential service delivery events. Additional duties include, but are not limited to, technical and logistic execution of digital forensic investigations in support of Secureworks' customers. Such responsibilities include collecting digital forensic evidence, analyzing a variety of forensic evidence such as disk and memory images, maintaining thorough investigative notes and documentation, writing detailed investigative reports, and presenting these reports to both technical and non-technical audiences. Candidates require a background in digital forensics, information technology, computer science, and information security. Candidates must exhibit competencies in communication soft-skills, specifically technical writing and the ability to translate technical jargon into meaningful language for business audiences.

Location: Remote, USA. Would prefer someone located on the west coast.

This position may require flexible work hours to provide coverage across multiple time zones. Targeting 1-9pm ET.

Role Responsibilities

  • Serve as subject matter expert in incident response and digital forensics
  • Perform complex incident response technical analysis and develop technical conclusions based on analysis of evidence; review analysis and conclusions of other consultants
  • Document findings, develop incident response remediation recommendations and present oral and written reports for clients
  • Able to work on multiple projects concurrently
  • Able to manage time effectively among multiple competing priorities
  • Able to operate independently, requiring minimal supervision in the execution of various tasks and projects
  • Able to operate within and accommodate an environment and schedule largely dictated by customers' needs and time frames
  • Manage Digital Forensics and Incident Response investigations through the examination of digital evidence
  • Apply analytical reasoning towards the achievement of investigative goals, such as root cause analysis
  • Maintain thorough investigative notes and other documentation
  • Present key investigative findings, verbally and in writing, to both technical and non-technical audiences
  • Monitor several communication channels for Incoming IR and threat intelligence enrichment service requests
  • Take ownership of, triage, and update tracking systems for service requests
  • Provide instructions in written and oral formats to prospects and clients for media handling and artifact collection that are required for IR and TI enrichment service requests
  • Document all communications with clients and intradepartmental constituents related to outstanding service requests in order to escalate to the next level and track intake activities
  • Route service requests to the proper service delivery team with the appropriate level of urgency and communication channel in a professional and courteous manner with an emphasis on client satisfaction. Assess and escalate to the next level as needed
  • Manage urgent and critical interactions with all levels of prospect and client staff from Leadership to Technical Staff
  • Maintain professional, calming, and authoritative presence in crisis situations


  • Minimum of 3 years of advanced security, digital and network forensics experience
  • Minimum of 1 years of experience with one or more of the following tools: Encase, FTK, X-Ways, F-Response, Volatility, Open Source Forensics Tools
  • Minimum of one or more of the following certifications: GREM, GCFA, GCFE, CISA or CISSP


  • Malware analysis experience
  • Understanding of vulnerabilities and tools used to discover, analyze, and exploit vulnerabilities
  • Bachelor's degree in computer science, information systems, information assurance, or equivalent work experience
  • Familiar with tactics, techniques, and procedures commonly employed by threat actors, and their motivations
  • Understanding of at least one framework: ISO 27001/2, FISMA, PCI, HITRUST, NIST 800-series, CoBIT, PCI, etc.
  • Strong technical communication skills (oral and written) including experience briefing executive management and desire to work with clients to solve complex security issues, including at times in crisis situations
  • Experience briefing senior-level leadership, and conveying technical subject matter to audiences of varying backgrounds and skill levels

Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.  Learn more about Diversity and Inclusion at Secureworks here.

Employees at work Explore This Location

Related Stories