Senior Incident Response Consultant

This role joins SpearTip, the cybersecurity consulting segment within Zurich Resilience Solutions. Blending cutting-edge technologies, unique skill sets, and proven cyber counterintelligence strategies, SpearTip partners with our clients to protect shareholder value, shield corporate reputations, and enhance long-term profits. We are driven to protect our clients from the ever-changing threat actors and become the gold standard in detecting zero-day vulnerabilities. In this role you make work virtual within the U.S. and extend up to 20% travel.

As a Senior Incident Response Consultant, you will deliver expert incident response and digital forensics services to external clients experiencing cyber security incidents. Leads complex investigations, provides strategic guidance during security breaches, and drives incident containment and recovery efforts. Maintains 75% billable utilization while delivering exceptional client service and building long-term client relationships. The job's core deliverables rely on delivering expert consulting services to external clients during high-stress security incidents. Requires building trust with C-level executives, IT leaders, legal counsel, and insurance partners while managing complex multi-stakeholder relationships during crisis situations.

Key Accountabilities:

• Lead incident response engagements for external clients, conducting digital forensics investigations, malware analysis, and threat actor attribution to identify scope, impact, and root cause of security incidents.
• Provide 24/7 on-call emergency response services, rapidly deploying to client sites or remotely connecting to contain active threats, preserve evidence, and minimize business disruption.
• Conduct comprehensive forensic examinations of compromised systems, networks, and cloud environments using industry-standard tools and methodologies to support client remediation and potential legal proceedings.
• Deliver executive-level briefings and written reports to clients, translating complex technical findings into business impact assessments and actionable recommendations.
• Coordinate with client stakeholders including IT teams, legal counsel, insurance carriers, law enforcement, and executive leadership to manage incident response activities and communication strategies.
• Provide expert guidance on ransomware negotiations, business email compromise investigations, insider threat cases, and advanced persistent threat incidents.
• Develop and deliver incident response retainer services, conducting proactive readiness assessments, tabletop exercises, and security program evaluations for client organizations.
• Mentor junior consultants and analysts, providing technical guidance and quality assurance on client deliverables.
• Maintain detailed case documentation, time tracking, and engagement status reporting to ensure accurate billing and project management.
• Partner with insurance brokers, managed service providers, and law firms to provide incident response services as part of cyber insurance claims and breach response protocols.
• Stay current on emerging threats, attack techniques, and forensic methodologies through continuous research and professional development.
• Contribute to thought leadership initiatives including blog posts, conference presentations, and client education materials.
• Business Travel, as required (may be extensive during active incidents) as well as extended hours during Active Incidents/24x7 On-call Rotation, flexible scheduling to accommodate client emergencies and time-sensitive investigations, as required.

Additional Business Accountabilities:

• Develop scopes of work and cost estimates for incident response engagements, ensuring projects are appropriately resourced and profitably delivered.
• Identify opportunities for expanded client engagements based on investigation findings, security gaps, and client needs.
• Support business development activities including client presentations, capability demonstrations, and proposal development for new and existing clients.
• Ensure all client deliverables meet quality standards and are delivered within agreed timelines and budgets.

Basic Qualifications:

• Bachelors degree and 5 or more years experience in the Information Technology area
  OR
• Zurich Cybersecurity Technician Apprentice, including Cyber Security Certification and 6 or more years experience in the Information Technology area
  OR
• High School Diploma or Equivalent and 7 or more years experience in the Information Technology area
  AND
• MS Office experience
  AND
• Knowledge of Cyber Security Operations

Preferred Functional/Technical Skills Qualifications:

• Digital Forensics & Incident Response - Proficiency Level Advanced
• Threat Intelligence & Malware Analysis - Proficiency Level Intermediate
• Client Communication & Stakeholder Management - Proficiency Level Advanced
• Windows/Linux System Forensics - Proficiency Level Advanced
• Network Forensics & Log Analysis - Proficiency Level Intermediate
• Cloud Security (Azure/AWS/M365) - Proficiency Level Intermediate
• Forensic Tool Proficiency (EnCase, FTK, X-Ways, Volatility, etc.) - Proficiency Level Advanced
• Ransomware & BEC Investigations - Proficiency Level Advanced
• Report Writing & Executive Communication - Proficiency Level Advanced
• Project Management - Proficiency Level Intermediate

Your pay at Zurich is based on your role, location, skills, and experience. We follow local laws to ensure fair compensation. You may also be eligible for bonuses and merit increases. If your expectations are above the listed range, we still encourage you to apply-your unique background matters to us. The pay range shown is a national average and may vary by location. The proposed Salary range for this position is $100,200.00 - $164,100.00, with short-term incentive bonus eligibility set at 15%.


We offer competitive pay and comprehensive benefits for employees and their families. [Learn more about Total Rewards here.]

Why Zurich?

At Zurich, we value your ideas and experience. We offer growth, inclusion, and a supportive environment-so you can help shape the future of insurance. Zurich North America is a leader in risk management, with over 150 years of expertise and coverage across 25+ industries, including 90% of the Fortune 500®.

Join us for a brighter future-for yourself and our customers.

Zurich in North America does not discriminate based on race, ethnicity, color, religion, national origin, sex, gender expression, gender identity, genetic information, age, disability, protected veteran status, marital status, sexual orientation, pregnancy or other characteristics protected by applicable law. Equal Opportunity Employer disability/vets.

Zurich complies with 18 U.S. Code § 1033.

Please note: Zurich does not accept unsolicited CVs from agencies. Preferred vendors should use our Recruiting Agency Portal.

Location(s): AM - Missouri Virtual Office, AM - Remote Work (US)
Remote Working: Hybrid
Schedule: Full Time
Employment Sponsorship Offered: No


Linkedin Recruiter Tag: #LI-AW1 #LI-ASSOCIATE #LI-REMOTE