Cyber Recovery Engineer
Role details
Job location
Tech stack
Job description
We are seeking a hands-on Senior Cyber Recovery Engineer to serve as a technical leader in designing, implementing, and validating our organization's cyber recovery capabilities. This role is central to a critical initiative to build an Isolated Recovery Environment (IRE), including an air-gapped data vault and a clean room. The objective is to ensure the ability to restore systems and maintain a "minimal viable bank" in response to a cyber event like a ransomware attack. This is a practical, not theoretical, role for an architect who has direct experience building and testing recovery solutions in a regulated financial services context., * Design, build, and maintain the Isolated Recovery Environment (IRE) and clean room infrastructure from the ground up, defining best practices and testing scenarios.
- Architect and operate air-gapped or logically isolated backup and replication pipelines using immutable storage technologies such as Cohesity, Rubrik, Zerto, Veeam, Commvault, or NetBackup.
- Execute end-to-end recovery testing cycles, including tabletop, simulation, and full-failover scenarios, to validate RTOs and RPOs for critical applications.
- Develop and maintain recovery runbooks, playbooks, and automation scripts for the restoration of core systems.
- Integrate recovery automation into IaC pipelines using tools like Terraform, Ansible, and scripting (Python, Bash, PowerShell) to ensure reproducible and auditable recovery environments.
- Serve as a subject matter expert during regulatory examinations and audits, translating guidance from entities like the FFIEC and NIST into actionable engineering requirements.
- Lead technical forensic validation procedures within the IRE to confirm system integrity before re-entry into production.
- Collaborate with application owners, DBAs, and platform teams to validate application-layer recovery sequencing and dependencies.
Requirements
- 10+ years of infrastructure, platform, or resilience engineering experience, with at least 4 years in a regulated financial institution.
- Demonstrated, hands-on experience designing, building, implementing, and testing cyber recovery solutions in an Isolated Recovery Environment (IRE) or clean room.
- Direct experience with technology examinations or regulatory responses involving financial regulators (e.g., OCC, FDIC, Federal Reserve).
- Proficiency with enterprise backup and replication platforms (e.g., Cohesity, Rubrik, Zerto, Veeam, Commvault, NetBackup).
- Working knowledge of IaC tooling (Terraform, Ansible) and scripting (Python, Bash, PowerShell) for recovery automation.
- Strong understanding of network segmentation, identity isolation, and zero-trust concepts within clean room environments.
- Familiarity with ransomware TTPs, destructive malware, and incident response in a recovery context.
Preferred Qualifications
- Experience in a GSIB, SIFI, or Category I-III bank.
- Professional certifications such as CISSP, CISA, or disaster recovery specializations.
- Experience with cyber recovery in hybrid cloud environments (AWS, Azure, Google Cloud Platform).
- Familiarity with payment system continuity considerations (e.g., SWIFT, FedWire, CHIPS).
- Exposure to Digital Operational Resilience Act (DORA) requirements.
- A background in incident response or cyber threat intelligence.