Cyber Recovery Engineer

Hybrid:
Chicago, IL (3 days a week on-site)

Rate: ~$80-$100/hr

As a Senior Cyber Recovery Engineer, you will lead the design, implementation, and continuous validation of recovery capabilities for critical systems and data following cyber incidents. You will operate at the intersection of infrastructure engineering, cybersecurity, and regulatory compliance within a highly regulated financial services environment.

This is a hands‑on role requiring direct experience executing cyber recovery exercises, building isolated recovery environments, and engaging with regulators. You will play a key role in ensuring the organization can recover safely, securely, and efficiently from disruptive cyber events.

• Design, build, and maintain isolated recovery environments (IRE) and clean rooms for cyber recovery.
• Implement secure, air‑gapped or logically isolated backup and replication architectures using immutable storage.
• Develop automation for recovery processes using infrastructure‑as‑code and scripting tools.
• Ensure network and identity isolation to prevent lateral movement during recovery operations.

• Plan and execute end‑to‑end recovery exercises, validating RTOs and RPOs for critical systems.
• Develop and maintain runbooks, playbooks, and recovery procedures for core systems and applications.
• Conduct forensic validation within recovery environments to ensure integrity prior to production restoration.
• Collaborate with cross‑functional teams to ensure application recovery sequencing and dependencies are validated.

• Serve as a subject matter expert during regulatory exams, audits, and inquiries.
• Translate regulatory requirements (FFIEC, NIST, DORA) into actionable engineering controls.
• Prepare documentation and evidence demonstrating recovery readiness and control effectiveness.
• Maintain ongoing audit readiness through documentation, testing, and remediation tracking.

• Design and manage cyber recovery exercises, including ransomware and large‑scale failure scenarios.
• Lead post‑exercise reviews and drive remediation efforts to closure.
• Track and report key recovery metrics (RTO, RPO, MTTR) to senior leadership.
• Continuously improve recovery capabilities through benchmarking and industry alignment.
• Provide technical leadership and guidance on recovery engineering best practices.
• Mentor engineers on clean room operations, recovery protocols, and regulatory expectations.
• Partner with security, infrastructure, and application teams to strengthen organizational resilience.

• Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience.
• 10+ years of experience in infrastructure, platform, or resilience engineering.
• 4+ years of experience within a regulated financial institution (bank, broker‑dealer, or asset manager).
• Experience designing, implementing, and testing cyber recovery in isolated recovery environments (IRE) or clean rooms.
• Experience working with financial regulators (e.g., OCC, FDIC, Federal Reserve, NYDFS, SEC, or FINRA).
• Experience with enterprise backup and replication platforms (e.g., Cohesity, Rubrik, Zerto, Veeam, Commvault, Net Backup).
• Experience with infrastructure‑as‑code and automation tools (e.g., Terraform, Ansible) and scripting (Python, Bash, or Power Shell).
• Understanding of network segmentation, identity isolation, and zero trust architectures.
• Knowledge of ransomware behaviors, destructive malware response, and recovery‑focused forensic validation.
• Familiarity with regulatory frameworks such as FFIEC, NIST CSF, or DORA.

• Experience working in a GSIB, SIFI, or highly regulated banking environment.
• Industry certifications such as CISSP, CISA, or cloud disaster recovery certifications (AWS/Azure).
• Experience supporting DORA compliance or EU regulatory environments.
• Familiarity with payment systems (e.g., SWIFT, Fedwire, CHIPS) and their recovery requirements.
• Experience with hybrid or cloud‑based recovery architectures (AWS, Azure, or GCP).
• Background in incident response or cyber threat intelligence.