Recovery and Restoration Engineer - Remote (Anywhere in the U.S.)

Job Overview

Location

Remote

Job Type

Full-time

Category

Cybersecurity

Date Posted

April 21, 2026

Full Job Description

📋 Description

  • The Recovery and Restoration Engineer is a critical member of the Incident Management & Recovery team, responsible for rebuilding and securing infrastructure environments following ransomware or other destructive cyber incidents. This role combines strong on-premises infrastructure expertise with solid Microsoft 365 and Azure tenant recovery experience to restore business operations quickly, securely, and safely.
  • Day to day, the engineer manages IT recovery projects involving on-premises endpoint and network infrastructure, Azure AD, and Microsoft 365; develops technical remediation and restoration plans; implements network containment; rebuilds Active Directory domains, DNS/DHCP, and GPO structures; restores and validates virtualized workloads (VMware, Hyper-V); recovers and secures Azure AD identities; rebuilds Exchange Online, SharePoint, OneDrive, and Teams configurations; validates and restores data from backups; utilizes remote management tools; applies Microsoft hardening guidelines; implements compliance controls; develops automation scripts (PowerShell/Python); documents rebuilt configurations; mentors junior engineers; participates in after-hours response rotations; and travels to client sites as required (up to 50%).
  • GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The company serves Fortune 500 companies and U.S. government agencies, has over 1,200 employees, strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers. Firmly defined core values drive the business, fostering a collaborative and mentorship-rich workplace atmosphere.
  • In this role, the person can develop deep expertise in cyber incident recovery, lead technical rebuild efforts across identity, compute, storage, and cloud layers, mentor junior engineers, contribute to structured recovery methodologies, and grow their career with a rapidly growing, profitable cybersecurity firm while working on high-impact engagements for top-tier organizations.

🎯 Requirements

  • Strong knowledge of Windows Server, Active Directory, Azure AD, and Microsoft 365 administration
  • Solid experience with VMware or Hyper-V virtualization platforms
  • Proficiency in PowerShell scripting (experience with AzureAD, ExchangeOnline, Graph API modules preferred)
  • Working knowledge of backup restoration workflows and immutable storage systems
  • Strong understanding of identity security, Conditional Access, Defender for Cloud Apps, and Exchange Online Protection
  • Experience with common firewall platforms and network segmentation concepts
  • Proven experience in recovery or rebuild scenarios post-incident (ransomware or other destructive attacks)
  • Ability to identify common persistence mechanisms and rebuild clean environments under tight timelines
  • Working knowledge of NIST CSF, CIS benchmarks, and insurance-driven recovery requirements
  • Strong communication and documentation skills across technical and non-technical stakeholders
  • Calm and decisive under pressure; able to prioritize critical-path recovery items
  • Highly organized with a disciplined approach to communicating recovery milestones, task tracking, and reporting
  • Willingness to travel up to 50% to client environments as needed for hands-on rebuilds and validation
  • 4–7 years of experience in infrastructure engineering roles, preferably within consulting, MSP, or IR/recovery efforts
  • Microsoft certifications (e.g., AZ-104, MS-100, MS-500) or equivalent enterprise experience
  • Experience with one or more EDR or security platforms (CrowdStrike, SentinelOne, Defender)
  • Demonstrated scripting or automation experience, showing ability to accelerate recovery processes

🏖️ Benefits

  • Remote workforce primarily (U.S. based only)
  • Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans; HSA contributions: $850 per EE annually / $1750 per family annually)
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option

Skills & Technologies

Python
Azure
Remote

About GuidePoint Security, LLC

GuidePoint Security provides cybersecurity consulting and managed security services to U.S. government agencies and commercial organizations. Core offerings include security assessments, penetration testing, incident response, threat intelligence, and continuous monitoring through Security Operations Centers. The company partners with leading technology vendors to integrate firewalls, endpoint detection, cloud security, and identity management platforms. Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint employs certified experts who help clients reduce risk, meet compliance requirements, and build resilient architectures against advanced threats. Services are delivered via fixed-price projects and subscription-based managed services aligned to NIST and Zero-Trust frameworks.
