Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

The Incident Response Identity Consultant will be responsible for communicating, planning, and directing customers in preparation and response to major incidents affecting on-prem AD (Active Directory) and Microsoft Entra ID.

Role Responsibilities:

Proactive engagements:

• Understand customers' exposure to poor identity practices and advise customers on practical steps to improve their security posture.
• Train customers on how to defend their AD, by demonstrating how AD attacks work.
• Work with customers to audit existing security controls and practices around identity management with AD/Entra ID.
• Be a key stakeholder in customer facing runbooks.
• Provide SME input to Taegis detector authors in order to develop detectors for identity-based attacks.
• Share knowledge with wider IR practice regarding identity-based threats in on-prem AD and Entra ID.

Emergency engagements:

• Work with Incident Commanders and other Incident Response Consultants during incident response investigations where identified intrusion activity necessitates AD SME support.
• Guide customers through the journey of regaining control of their AD after it has been compromised by a threat actor.
• Advise customers on immediate AD hardening steps that can be taken to maintain control of AD after an eviction effort.
• Develop architectural recommendations during a cybersecurity incident to improve the resilience of customers' AD.

Requirements:

• Minimum 5 years Microsoft Active Directory experience
• Minimum 1 year Microsoft Entra ID experience
• Willingness to travel up to 10%, including on short notice
• Willingness to directly work with multiple customers on different engagements in parallel
• Excellent written and oral communication skills
• Enjoys explaining complex technical issues to make non-technical audiences understand the 'so what?'

Preferences:

• Consulting experience with large external customers, preferably with large multinational organisations
• Project management experience working with multiple teams, to include negotiating timelines and project requirements
• Keen interest in the security aspects of identity
• Familiarity with collecting and enumerating AD data
• Experience as systems administrator in an enterprise environment