Job description
Forensic & Litigation Consulting
FTI Consulting is the leading global expert firm for organizations facing crisis and transformation. We work with many of the world's top multinational corporations, law firms, banks and private equity firms on their most important issues to deliver impact that makes a difference. From resolving disputes, navigating crises, managing risk and optimizing performance, our teams respond rapidly to dynamic and complex situations.
At FTI Consulting, you'll work side by side with leaders who have shaped history, helping solve the biggest challenges making headlines today. From day one, you'll be an integral part of a focused team where you can make a real impact. You'll be surrounded by an open, collaborative culture that embraces diversity, recognition, professional development and, most importantly, you.
Are you ready to make your impact?
About The Role
We are involved in complex, global and high-profile litigation, arbitration and investigations combining end-to-end risk advisory, investigative and disputes expertise to deliver holistic solutions for our clients.
More specifically, we are looking for technical cybersecurity experts with experience in all or some of the following: intelligence collection, incident response, insider threat analysis, network operations, emerging cyber policy, security operations (malware analysis, specialized cloud expertise, forensic experts, penetration testing, and application testing). With offices worldwide, we are able to uncover and analyze critical information wherever a need existsno matter how intricate the investigation may be.
What You'll Do
You will support a diverse range of high-impact, technically complex engagements in which clients require rapid engineering recovery and long-term hardening of critical systems. You'll be responsible for analyzing, re-designing, configuring, and rebuilding enterprise infrastructure and cloud environments in alignment with best practices and client-specific needs.
Your responsibilities will include:
• Leading and supporting engagements focused on cybersecurity engineering, infrastructure hardening, and post-breach rebuilds.
• Conducting hands-on remediation efforts following advanced persistent threats (APT), ransomware, and other intrusions, including:
• Rebuilding Active Directory environments and domain controllers
• Reconfiguring or migrating Microsoft 365 (Exchange Online, Entra ID / Azure AD, Intune, Defender, etc.)
• Restoring, rebuilding, and re-securing virtualized infrastructure (e.g., VMware, Hyper-V)
• Deploying, validating, and tuning EDR tooling across compromised environments
• Evaluating and improving cybersecurity controls, governance models, technical standards, and operating procedures, both pre- and post-breach.
• Designing secure enterprise network architectures, including segmentation, firewall policy development, secure remote access, and Zero Trust principles.
• Documenting and addressing information security, cybersecurity architecture, and systems security engineering requirements throughout the system development lifecycle.
• Working closely with clients, including system owners and IT stakeholders, to assess and rebuild systems in alignment with regulatory expectations, cybersecurity frameworks, and threat models.
• Performing security reviews, identifying gaps in architecture or controls, and developing actionable remediation roadmaps.
• Configuring and securing hybrid or cloud-native environments across Microsoft Azure, AWS, and GCP, including:
• Logging, monitoring, and alerting (e.g., Sentinel, CloudTrail, Security Command Center)
• Cloud IAM and conditional access policies
• Secure storage, compute, and networking
• Rebuilding server environments across Windows and Linux platforms with hardened baselines and operational continuity.
• Assessing and remediating vulnerabilities in identity and access management systems, including SSO, MFA, and SCIM integrations.
• Collaborating with incident response, legal, and compliance teams to align remediation with strategic business needs.
• Leading or contributing to the development of new technical service offerings around security modernization and recovery.
• Staying abreast of cybersecurity trends, emerging threats, advanced attack techniques, and evolving best practices in enterprise IT and cloud security.
This role is highly technical and hands-on, requiring deep expertise and demonstrated proficiency in the following domains:
• Enterprise and Cloud Security Engineering
• Microsoft 365 and Entra ID (formerly Azure AD) configuration, migration, and security policy enforcement
• Multi-cloud environments (AWS, Azure, GCP) including workload protection, IAM, and secure networking
• Virtual private cloud design, peering, routing, VPNs, and logging/monitoring infrastructure
• SAML/OAuth2, SSO, and SCIM-based IAM integrations across platforms
• Post-Breach Infrastructure Restoration
• Domain controller rebuilds and forest recovery
• Secure restoration of file shares, print services, and business-critical systems
• EDR re-enablement and telemetry validation (e.g., SentinelOne, CrowdStrike, Microsoft Defender for Endpoint)
• Virtualized infrastructure rebuild (e.g., VCenter redeployment, snapshot integrity validation, HA restoration)
• Core Infrastructure & Network Engineering
• Firewall rulebase analysis and reimplementation (e.g., Palo Alto, Fortinet, Cisco ASA)
• Network segmentation and isolation strategies post-compromise
• Active Directory and DNS/DHCP architecture hardening
• Linux and Windows server re-baselining and secure configuration
How You'll Grow
This is an excellent opportunity for a person with proven, hands-on cybersecurity experience to join a dynamic and growing cybersecurity team. You will have the opportunity to be involved with fascinating, high-paced and high-profile cybersecurity engagements requiring the best talent to provide value to our clients. Alongside this, you will receive coaching and mentoring within the team to develop your experience and confidence. With the ever-evolving cybersecurity landscape, the need for continuous professional development remains at the forefront of the quality of our team and is wholly supported. We will work with you to develop a career path within the FTI Cybersecurity team so you there is a clear progression path, coupled with the right level of support and guidance to achieve the next step in your career at FTI Consulting.
We are committed to investing and supporting you in your professional development and have developed a range of programs focused on fostering leadership, growth and development opportunities. We aim to promote continuous learning and individual skills development through on-the-job learning, self-guided professional development courses and certifications. You'll be assigned a dedicated coach to mentor, guide and support you through regular coaching sessions and serve as an advocate for your professional growth.
As you progress through your career at FTI Consulting, we offer tailored programs for critical professional milestones to ensure you are prepared and empowered to take on your next role.
What You Will Need To Succeed
Basic Qualifications
• Bachelor's Degree in Computer Science, Information Security, or a related field.
• 5+ years of relevant post-graduate experience in cybersecurity engineering, infrastructure remediation, or network security architecture.
• Demonstrated experience in post-breach infrastructure restoration, including domain re-establishment, firewall and segmentation redesign, and cloud reconfiguration.
• Ability to travel to clients and FTI office(s) as needed.
• Applicants must be currently authorized to work in the United States on a full-time basis; this position does not provide visa sponsorship
Preferred Qualifications
• Strong technical expertise in:
• Microsoft 365 and Entra ID / Azure AD administration and migration
• Active Directory, DNS, DHCP, and GPO remediation
• Multi-cloud environments (Azure, AWS, GCP)
• Network design, firewall configuration (e.g., Palo Alto, Fortinet, Cisco ASA)
• Endpoint Detection and Response (EDR) tools such as CrowdStrike, SentinelOne, and Microsoft Defender for Endpoint
• Hypervisor administration and recovery (e.g., VMware ESXi, Hyper-V, Proxmox)
• Windows and Linux server administration and hardening
• Familiarity with identity and access management best practices, including least privilege, RBAC, and Zero Trust architecture.
• Cloud and security certifications preferred (e.g., Azure Security Engineer, AWS Security Specialty, CISSP, GCWN, GCIA
Requirements
• This role is highly technical and hands-on, requiring deep expertise and demonstrated proficiency in the following domains:
• Enterprise and Cloud Security Engineering
• Microsoft 365 and Entra ID (formerly Azure AD) configuration, migration, and security policy enforcement
• Multi-cloud environments (AWS, Azure, GCP) including workload protection, IAM, and secure networking
• Virtual private cloud design, peering, routing, VPNs, and logging/monitoring infrastructure
• SAML/OAuth2, SSO, and SCIM-based IAM integrations across platforms
• Post-Breach Infrastructure Restoration
• Secure restoration of file shares, print services, and business-critical systems
• EDR re-enablement and telemetry validation (e.g., SentinelOne, CrowdStrike, Microsoft Defender for Endpoint)
• Virtualized infrastructure rebuild (e.g., VCenter redeployment, snapshot integrity validation, HA restoration)
• Core Infrastructure & Network Engineering
• Firewall rulebase analysis and reimplementation (e.g., Palo Alto, Fortinet, Cisco ASA)
• Network segmentation and isolation strategies post-compromise
• Active Directory and DNS/DHCP architecture hardening
• Linux and Windows server re-baselining and secure configuration
• This is an excellent opportunity for a person with proven, hands-on cybersecurity experience to join a dynamic and growing cybersecurity team
• You will have the opportunity to be involved with fascinating, high-paced and high-profile cybersecurity engagements requiring the best talent to provide value to our clients
• Bachelor's Degree in Computer Science, Information Security, or a related field
• 5+ years of relevant post-graduate experience in cybersecurity engineering, infrastructure remediation, or network security architecture
• Demonstrated experience in post-breach infrastructure restoration, including domain re-establishment, firewall and segmentation redesign, and cloud reconfiguration
• Ability to travel to clients and FTI office(s) as needed
• Applicants must be currently authorized to work in the United States on a full-time basis; this position does not provide visa sponsorship
