[Remote] Senior Recovery and Restoration Engineer- Remote (Anywhere in the U.S.)

Note: The job is a remote job and is open to candidates in USA. GuidePoint Security provides trusted cybersecurity expertise and solutions, helping organizations manage risk. The Senior Recovery and Restoration Engineer is responsible for rebuilding and securing infrastructure environments after cyber incidents, working with clients and internal teams to restore operations efficiently and securely.

Responsibilities

• Lead IT recovery projects involving on-premises endpoint and network infrastructure, Entra ID, and Microsoft 365
• Develop and manage technical remediation and restoration plans tailored to the impact of a client’s environment
• Knowledge of common firewall platforms and ability to implement network containment in preparation for recovery efforts
• Rebuild Active Directory domains, DNS/DHCP, and GPO structures to a clean baseline
• Restore and validate virtualized workloads (VMware, Hyper-V) and critical file/application servers
• Recover and secure Entra ID identities, Conditional Access, and synchronization with on-prem AD
• Rebuild Exchange Online, SharePoint, OneDrive, and Teams configurations
• Validate and restore data from backups (Veeam, Rubrik, Datto, etc.) ensuring integrity and cleanliness
• Knowledge of common remote management tools used to assist impacted clients remotely
• Knowledge of industry standard Microsoft hardening guidelines
• Ability to implement common compliance controls, such as MFA, Defender for Office 365, Purview, etc
• Develop and maintain automation scripts (PowerShell/Python) for recurring recovery workflows
• Document rebuilt configurations and assist client recommendations for hardening and post-incident validation
• Participate in after-hours response rotations
• Travel to client sites as required to perform critical recovery activities and on-site validation. Up to 50% travel

Skills

• Lead IT recovery projects involving on-premises endpoint and network infrastructure, Entra ID, and Microsoft 365
• Develop and manage technical remediation and restoration plans tailored to the impact of a client's environment
• Knowledge of common firewall platforms and ability to implement network containment in preparation for recovery efforts
• Rebuild Active Directory domains, DNS/DHCP, and GPO structures to a clean baseline
• Restore and validate virtualized workloads (VMware, Hyper-V) and critical file/application servers
• Recover and secure Entra ID identities, Conditional Access, and synchronization with on-prem AD
• Rebuild Exchange Online, SharePoint, OneDrive, and Teams configurations
• Validate and restore data from backups (Veeam, Rubrik, Datto, etc.) ensuring integrity and cleanliness
• Knowledge of common remote management tools used to assist impacted clients remotely
• Knowledge of industry standard Microsoft hardening guidelines
• Ability to implement common compliance controls, such as MFA, Defender for Office 365, Purview, etc
• Develop and maintain automation scripts (PowerShell/Python) for recurring recovery workflows
• Document rebuilt configurations and assist client recommendations for hardening and post-incident validation
• Participate in after-hours response rotations
• Travel to client sites as required to perform critical recovery activities and on-site validation. Up to 50% travel
• Advanced knowledge of Windows Server, Active Directory, Entra ID, and Microsoft 365 administration
• Strong experience with VMware or Hyper-V virtualization platforms
• Proficiency in PowerShell. Prefer experience with Entra ID, Exchange Online, and Graph API modules
• Familiarity with backup restoration workflows and immutable storage systems
• Solid understanding of identity security, Conditional Access, Defender for Cloud Apps, and Exchange Online Protection
• Demonstrated success in recovery or rebuild scenarios post-incident, including ransomware or other destructive attacks
• Ability to identify persistence mechanisms and rebuild clean environments under tight timelines
• Working knowledge of NIST CSF, CIS benchmarks, and insurance-driven recovery requirements
• Excellent communication and documentation skills across technical and non-technical stakeholders
• Proven ability to work alongside IR firms, legal counsel, and insurers during live recovery engagements
• Capable of mentoring junior engineers and improving structured rebuild approaches
• Calm and decisive under pressure and able to prioritize critical-path recovery items
• Highly organized with a disciplined approach to communicating recovery milestones, task tracking, and reporting
• Willingness to travel up to 50% to client environments as needed for hands-on rebuilds and validation
• 5–8 years of experience in infrastructure engineering roles, preferably within consulting, MSP, or IR/recovery efforts
• Microsoft certifications (e.g., AZ-104, MS-100, MS-500, SC-300) or equivalent enterprise experience
• Experience with one or more EDR or security platforms (CrowdStrike, SentinelOne, Defender)
• Strong scripting or automation experience, demonstrating process acceleration in rebuilds

Benefits

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option

Company Overview

• GuidePoint Security provides customized, innovative & valuable Information Security solutions that enable commercial federal organizations. It was founded in 2011, and is headquartered in Herndon, Virginia, USA, with a workforce of 1001-5000 employees. Its website is https://www.guidepointsecurity.com/.

Company H1B Sponsorship

• GuidePoint Security has a track record of offering H1B sponsorships, with 11 in 2025, 14 in 2024, 2 in 2023, 1 in 2022. Please note that this does not guarantee sponsorship for this specific role.

Apply tot his job Apply To this Job