This role joins SpearTip, the cybersecurity consulting segment within Zurich Resilience Solutions. Blending cutting-edge technologies, unique skill sets, and proven cyber counterintelligence strategies, SpearTip partners with our clients to protect shareholder value, shield corporate reputations, and enhance long-term profits. We are driven to protect our clients from the ever-changing threat actors and become the gold standard in detecting zero-day vulnerabilities. In this role you make work virtual within the U.S. and extend up to 20% travel.
As a Senior Incident Response Consultant, you will deliver expert incident response and digital forensics services to external clients experiencing cyber security incidents. Leads complex investigations, provides strategic guidance during security breaches, and drives incident containment and recovery efforts. Maintains 75% billable utilization while delivering exceptional client service and building long-term client relationships. The job's core deliverables rely on delivering expert consulting services to external clients during high-stress security incidents. Requires building trust with C-level executives, IT leaders, legal counsel, and insurance partners while managing complex multi-stakeholder relationships during crisis situations.
Key Accountabilities:
Lead incident response engagements for external clients, conducting digital forensics investigations, malware analysis, and threat actor attribution to identify scope, impact, and root cause of security incidents.Provide 24/7 on-call emergency response services, rapidly deploying to client sites or remotely connecting to contain active threats, preserve evidence, and minimize business disruption.Conduct comprehensive forensic examinations of compromised systems, networks, and cloud environments using industry-standard tools and methodologies to support client remediation and potential legal proceedings.Deliver executive-level briefings and written reports to clients, translating complex technical findings into business impact assessments and actionable recommendations.Coordinate with client stakeholders including IT teams, legal counsel, insurance carriers, law enforcement, and executive leadership to manage incident response activities and communication strategies.Provide expert guidance on ransomware negotiations, business email compromise investigations, insider threat cases, and advanced persistent threat incidents.Develop and deliver incident response retainer services, conducting proactive readiness assessments, tabletop exercises, and security program evaluations for client organizations.Mentor junior consultants and analysts, providing technical guidance and quality assurance on client deliverables.Maintain detailed case documentation, time tracking, and engagement status reporting to ensure accurate billing and project management.Partner with insurance brokers, managed service providers, and law firms to provide incident response services as part of cyber insurance claims and breach response protocols.Stay current on emerging threats, attack techniques, and forensic methodologies through continuous research and professional development.Contribute to thought leadership initiatives including blog posts, conference presentations, and client education materials.Business Travel, as required (may be extensive during active incidents) as well as extended hours during Active Incidents/24x7 On-call Rotation, flexible scheduling to accommodate client emergencies and time-sensitive investigations, as required. Additional Business Accountabilities:
Develop scopes of work and cost estimates for incident response engagements, ensuring projects are appropriately resourced and profitably delivered.Identify opportunities for expanded client engagements based on investigation findings, security gaps, and client needs.Support business development activities including client presentations, capability demonstrations, and proposal development for new and existing clients.Ensure all client deliverables meet quality standards and are delivered within agreed timelines and budgets. Basic Qualifications:
Bachelors degree and 5 or more years experience in the Information Technology area
ORZurich Cybersecurity Technician Apprentice, including Cyber Security Certification and 6 or more years experience in the Information Technology area
ORHigh School Diploma or Equivalent and 7 or more years experience in the Information Technology area
ANDMS Office experience
ANDKnowledge of Cyber Security Operations Preferred Functional/Technical Skills Qualifications:
Digital Forensics & Incident Response - Proficiency Level AdvancedThreat Intelligence & Malware Analysis - Proficiency Level IntermediateClient Communication & Stakeholder Management - Proficiency Level AdvancedWindows/Linux System Forensics - Proficiency Level AdvancedNetwork Forensics & Log Analysis - Proficiency Level IntermediateCloud Security (Azure/AWS/M365) - Proficiency Level IntermediateForensic Tool Proficiency (EnCase, FTK, X-Ways, Volatility, etc.) - Proficiency Level AdvancedRansomware & BEC Investigations - Proficiency Level AdvancedReport Writing & Executive Communication - Proficiency Level AdvancedProject Management - Proficiency Level Intermediate We offer competitive pay and comprehensive benefits for employees and their families. [Learn more about Total Rewards .]
Why Zurich?
At Zurich, we value your ideas and experience. We offer growth, inclusion, and a supportive environment—so you can help shape the future of insurance. Zurich North America is a leader in risk management, with over 150 years of expertise and coverage across 25+ industries, including 90% of the Fortune 500®.
Join us for a brighter future—for yourself and our customers.
Zurich in North America does not discriminate based on race, ethnicity, color, religion, national origin, sex, gender expression, gender identity, genetic information, age, disability, protected veteran status, marital status, sexual orientation, pregnancy or other characteristics protected by applicable law. Equal Opportunity Employer disability/vets.
Zurich complies with 18 U.S. Code § 1033.
Location(s): AM - Remote Work (US), AM - Missouri Virtual Office
Remote Working: Yes
Schedule: Full Time
Employment Sponsorship Offered: No
Linkedin Recruiter Tag: #LI-AW1 #LI-ASSOCIATE #LI-REMOTE