Associate/Cybersecurity & Incident Response (Forensic Services practice)

Charles River Associates (CRA) is seeking a highly motivated and analytical Associate to join their Cybersecurity & Incident Response team within the Forensic Services practice. CRA is a global consulting firm that provides independent economic and financial analysis. This role is based in Toronto, Ontario, Canada.

Responsibilities:

• Executing security and privacy investigations for clients.
• Providing expert digital forensic support for counsel and clients.
• Assisting in drafting forensic reports and affidavits.
• Engaging in problem-solving and forensic analysis of digital information.
• Identifying and researching information to assess data sufficiency.
• Programming, model building, and database administration.
• Ensuring reliability of analysis through quality control measures.
• Forensically acquiring data and images from identified hosts.
• Detecting and hunting unknown malware across multiple hosts.
• Creating Indicators of Compromise (IOCs) to strengthen incident response.
• Tracking adversary activity via in-depth timeline analysis.
• Identifying lateral movement and pivots within client enterprises.
• Examining traffic using common network protocols.
• Providing technical assessment/audit and guidance to clients on cybersecurity controls.
• Participating in practice-building activities including recruiting and training.

Requirements:

• 2-4 years of experience.
• Majored in Computer Science, Digital Forensics, Information Security, and/or Information Systems.
• Knowledge of cybersecurity concepts.
• Research experience and quantitative ability.
• Exceptional written and oral communication skills.
• Strong understanding of computer operating systems, software and hardware
• Ability to conduct detailed forensic investigations and analysis of computers, networks, mobile devices and removable media
• Experience with conducting digital forensic analysis using commercial and open source forensic tools. Including file system forensics, memory analysis and network analysis
• Experience with conducting static/dynamic malware analysis in a lab environment and threat hunting in a live environment
• Strong understanding of proper evidence handling procedures and chain of custody
• Experience with drafting technical and investigative reports and communicating technical findings
• Experience with utilizing automation tools and scripts to expedite analysis
• Understanding incident handling procedures: preparation, identification, containment, eradication, and recovery-to protect enterprise environments
• Understanding of common attack techniques used by an adversary on a victim network and leveraging those techniques to stop further adversary activity
• Digital forensics/incident response training and certifications, including SANS GIAC (GCFA, GCFE, GNFA, GIME), IACIS (CFCE or CIFR), Magnet MCFE, X-ways X-Pert or similar

Benefits:

• Skills development programs with 100 hours of training annually.
• Career mentoring and performance coaching.
• Comprehensive total rewards program.
• Wellness programming.
• In-house immigration support.