Recovery and Restoration Engineer - Remote (Anywhere in the U.S.)
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.Role Summary
The Recovery and Restoration Engineer is a critical member of the Incident Management & Recovery team, responsible for rebuilding and securing infrastructure environments following ransomware or other destructive cyber incidents. This role combines strong on-premises infrastructure expertise (Active Directory, VMware/Hyper-V, storage, backups, etc.) with solid Microsoft 365 and Azure tenant recovery experience. You will manage hands-on rebuild efforts across identity, compute, storage, and cloud layers, working directly with clients, the Guidepoint Security Incident Response team, and internal engineers to restore business operations quickly, securely, and safely. This position reports to senior engineers and serves as a technical lead for junior team members on recovery engagements.
Core Responsibilities
Manage IT recovery projects involving on-premises endpoint and network infrastructure, Azure AD, and Microsoft 365
Develop technical remediation and restoration plans tailored to the impact of a client's environment with oversight from senior engineers
Implement network containment on common firewall platforms in preparation for recovery efforts
Rebuild Active Directory domains, DNS/DHCP, and GPO structures to a clean baseline
Restore and validate virtualized workloads (VMware, Hyper-V) and critical file/application servers
Recover and secure Azure AD identities, Conditional Access, and synchronization with on-prem AD
Rebuild Exchange Online, SharePoint, OneDrive, and Teams configurations
Validate and restore data from backups (Veeam, Rubrik, Datto, etc.) ensuring integrity and cleanliness
Utilize common remote management tools to assist impacted clients remotely
Apply industry standard Microsoft hardening guidelines throughout recovery processes
Implement common compliance controls, such as MFA, Defender for Office 365, and Purview
Develop automation scripts (PowerShell/Python) for recurring recovery workflows
Document rebuilt configurations and provide client recommendations for hardening and post-incident validation
Mentor and provide technical guidance to junior engineers during recovery engagements
Participate in after-hours response rotations
Travel to client sites as required to perform critical recovery activities and on-site validation (up to 50%)
Required Competencies
Technical Expertise
Strong knowledge of Windows Server, Active Directory, Azure AD, and Microsoft 365 administration
Solid experience with VMware or Hyper-V virtualization platforms
Proficiency in PowerShell scripting (experience with AzureAD, ExchangeOnline, Graph API modules preferred)
Working knowledge of backup restoration workflows and immutable storage systems
Strong understanding of identity security, Conditional Access, Defender for Cloud Apps, and Exchange Online Protection
Experience with common firewall platforms and network segmentation concepts
Recovery & Security Mindset
Proven experience in recovery or rebuild scenarios post-incident (ransomware or other destructive attacks)
Ability to identify common persistence mechanisms and rebuild clean environments under tight timelines
Working knowledge of NIST CSF, CIS benchmarks, and insurance-driven recovery requirements
Understanding of threat actor tactics and methods to ensure complete remediation
Collaboration & Leadership
Strong communication and documentation skills across technical and non-technical stakeholders
Proven ability to work alongside IR firms, legal counsel, and insurers during live recovery engagements
Capable of guiding junior engineers and contributing to structured rebuild methodologies
Ability to manage multiple priorities and coordinate with various teams during high-pressure situations
Professional Attributes
Calm and decisive under pressure; able to prioritize critical-path recovery items
Highly organized with a disciplined approach to communicating recovery milestones, task tracking, and reporting
Willingness to travel up to 50% to client environments as needed for hands-on rebuilds and validation
Self-motivated with strong problem-solving skills and attention to detail
Preferred Background
4–7 years of experience in infrastructure engineering roles, preferably within consulting, MSP, or IR/recovery efforts
Microsoft certifications (e.g., AZ-104, MS-100, MS-500) or equivalent enterprise experience
Experience with one or more EDR or security platforms (CrowdStrike, SentinelOne, Defender)
Demonstrated scripting or automation experience, showing ability to accelerate recovery processes
Previous experience in high-pressure IT environments or incident response scenarios
We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.
Why GuidePoint?GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers.
Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.
This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.Some added perks….
Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
12 corporate holidays and a Flexible Time Off (FTO) program
Healthy mobile phone and home internet allowance
Eligibility for retirement plan after 2 months at open enrollment
Pet Benefit Option
Apply Now
The Recovery and Restoration Engineer is a critical member of the Incident Management & Recovery team, responsible for rebuilding and securing infrastructure environments following ransomware or other destructive cyber incidents. This role combines strong on-premises infrastructure expertise (Active Directory, VMware/Hyper-V, storage, backups, etc.) with solid Microsoft 365 and Azure tenant recovery experience. You will manage hands-on rebuild efforts across identity, compute, storage, and cloud layers, working directly with clients, the Guidepoint Security Incident Response team, and internal engineers to restore business operations quickly, securely, and safely. This position reports to senior engineers and serves as a technical lead for junior team members on recovery engagements.
Core Responsibilities
Manage IT recovery projects involving on-premises endpoint and network infrastructure, Azure AD, and Microsoft 365
Develop technical remediation and restoration plans tailored to the impact of a client's environment with oversight from senior engineers
Implement network containment on common firewall platforms in preparation for recovery efforts
Rebuild Active Directory domains, DNS/DHCP, and GPO structures to a clean baseline
Restore and validate virtualized workloads (VMware, Hyper-V) and critical file/application servers
Recover and secure Azure AD identities, Conditional Access, and synchronization with on-prem AD
Rebuild Exchange Online, SharePoint, OneDrive, and Teams configurations
Validate and restore data from backups (Veeam, Rubrik, Datto, etc.) ensuring integrity and cleanliness
Utilize common remote management tools to assist impacted clients remotely
Apply industry standard Microsoft hardening guidelines throughout recovery processes
Implement common compliance controls, such as MFA, Defender for Office 365, and Purview
Develop automation scripts (PowerShell/Python) for recurring recovery workflows
Document rebuilt configurations and provide client recommendations for hardening and post-incident validation
Mentor and provide technical guidance to junior engineers during recovery engagements
Participate in after-hours response rotations
Travel to client sites as required to perform critical recovery activities and on-site validation (up to 50%)
Required Competencies
Technical Expertise
Strong knowledge of Windows Server, Active Directory, Azure AD, and Microsoft 365 administration
Solid experience with VMware or Hyper-V virtualization platforms
Proficiency in PowerShell scripting (experience with AzureAD, ExchangeOnline, Graph API modules preferred)
Working knowledge of backup restoration workflows and immutable storage systems
Strong understanding of identity security, Conditional Access, Defender for Cloud Apps, and Exchange Online Protection
Experience with common firewall platforms and network segmentation concepts
Recovery & Security Mindset
Proven experience in recovery or rebuild scenarios post-incident (ransomware or other destructive attacks)
Ability to identify common persistence mechanisms and rebuild clean environments under tight timelines
Working knowledge of NIST CSF, CIS benchmarks, and insurance-driven recovery requirements
Understanding of threat actor tactics and methods to ensure complete remediation
Collaboration & Leadership
Strong communication and documentation skills across technical and non-technical stakeholders
Proven ability to work alongside IR firms, legal counsel, and insurers during live recovery engagements
Capable of guiding junior engineers and contributing to structured rebuild methodologies
Ability to manage multiple priorities and coordinate with various teams during high-pressure situations
Professional Attributes
Calm and decisive under pressure; able to prioritize critical-path recovery items
Highly organized with a disciplined approach to communicating recovery milestones, task tracking, and reporting
Willingness to travel up to 50% to client environments as needed for hands-on rebuilds and validation
Self-motivated with strong problem-solving skills and attention to detail
Preferred Background
4–7 years of experience in infrastructure engineering roles, preferably within consulting, MSP, or IR/recovery efforts
Microsoft certifications (e.g., AZ-104, MS-100, MS-500) or equivalent enterprise experience
Experience with one or more EDR or security platforms (CrowdStrike, SentinelOne, Defender)
Demonstrated scripting or automation experience, showing ability to accelerate recovery processes
Previous experience in high-pressure IT environments or incident response scenarios
We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.
Why GuidePoint?GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers.
Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.
This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.Some added perks….
Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
12 corporate holidays and a Flexible Time Off (FTO) program
Healthy mobile phone and home internet allowance
Eligibility for retirement plan after 2 months at open enrollment
Pet Benefit Option
Apply Now