Senior Cyber Recovery Engineer; Level 3
Listed on 2026-07-08
-
IT/Tech
Disaster Recovery IT, Cybersecurity
Job#: 3034534
Job Description:
Senior Cyber Recovery Engineer (Level
3)
Location:
Chicago, Illinois (Hybrid)
We are seeking a hands‑on Senior Cyber Recovery Engineer to serve as a technical leader in designing, implementing, and validating our organization’s cyber recovery capabilities. This role is central to a critical initiative to build an Isolated Recovery Environment (IRE), including an air‑gapped data vault and a clean room. The objective is to ensure the ability to restore systems and maintain a "minimal viable bank" in response to a cyber event like a ransomware attack.
This is a practical, not theoretical, role for an architect who has direct experience building and testing recovery solutions in a regulated financial services context.
- Design, build, and maintain the Isolated Recovery Environment (IRE) and clean room infrastructure from the ground up, defining best practices and testing scenarios.
- Architect and operate air‑gapped or logically isolated backup and replication pipelines using immutable storage technologies such as Cohesity, Rubrik, Zerto, Veeam, Commvault, or Net Backup.
- Execute end‑to‑end recovery testing cycles, including tabletop, simulation, and full‑failover scenarios, to validate RTOs and RPOs for critical applications.
- Develop and maintain recovery runbooks, playbooks, and automation scripts for the restoration of core systems.
- Integrate recovery automation into IaC pipelines using tools like Terraform, Ansible, and scripting (Python, Bash, Power Shell) to ensure reproducible and auditable recovery environments.
- Serve as a subject matter expert during regulatory examinations and audits, translating guidance from entities like the FFIEC and NIST into actionable engineering requirements.
- Lead technical forensic validation procedures within the IRE to confirm system integrity before re‑entry into production.
- Collaborate with application owners, DBAs, and platform teams to validate application‑layer recovery sequencing and dependencies.
- 10+ years of infrastructure, platform, or resilience engineering experience, with at least 4 years in a regulated financial institution.
- Demonstrated, hands‑on experience designing, building, implementing, and testing cyber recovery solutions in an Isolated Recovery Environment (IRE) or clean room.
- Direct experience with technology examinations or regulatory responses involving financial regulators (e.g., OCC, FDIC, Federal Reserve).
- Proficiency with enterprise backup and replication platforms (e.g., Cohesity, Rubrik, Zerto, Veeam, Commvault, Net Backup).
- Working knowledge of IaC tooling (Terraform, Ansible) and scripting (Python, Bash, Power Shell) for recovery automation.
- Strong understanding of network segmentation, identity isolation, and zero‑trust concepts within clean room environments.
- Familiarity with ransomware TTPs, destructive malware, and incident response in a recovery context.
- Experience in a GSIB, SIFI, or Category I‑III bank.
- Professional certifications such as CISSP, CISA, or disaster recovery specializations.
- Experience with cyber recovery in hybrid cloud environments (AWS, Azure, GCP).
- Familiarity with payment system continuity considerations (e.g., SWIFT, Fed Wire, CHIPS).
- Exposure to Digital Operational Resilience Act (DORA) requirements.
- A background in incident response or cyber threat intelligence.
Everforth Apex is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).