Consulting Associate/Cybersecurity & Incident Response (Forensic Services practice)

Consulting Associate/Cybersecurity & Incident Response (Forensic Services practice)

Company Overview

Charles River Associates is a global consulting firm offering economic, financial, and strategic expertise to law firms, corporations, accounting firms, and governments. CRA is a leading global consulting firm that provides independent economic and financial analysis behind litigation matters, guides businesses through critical strategy and operational issues to become more profitable, and advises governments on the economic impact of policies and regulations.

Job Overview

CRA’s Forensic Services practice supports companies’ commitment to integrity by assisting them and their counsel in independently responding to allegations of fraud, waste, abuse, misconduct, and non-compliance. We are looking for curious, analytical, highly motivated candidates with 3-5 years of experience who have majored in Computer Science, Digital Forensics, Information Security, and/or Information Systems.

Key Responsibilities

• Executing security and privacy investigations for CRA clients, including ongoing breach detection, threat analysis, incident response, and malware analysis.
• Providing expert digital forensic support for counsel and clients in support of data security incidents.
• Assisting in the drafting of forensic reports and testifying as an expert in the field of digital forensics and incident response.
• Engaging in problem-solving and forensic analysis of digital information using standard evidence handling techniques.
• Presenting tactical and strategic intelligence about threat groups and their methodologies.
• Creating custom analytic products based on intelligence sources and independent research.
• Providing timely support for clients’ incident response and threat intelligence teams.
• Performing technical analysis on malicious or suspicious artifacts.
• Identifying, researching, and organizing information to assess the appropriateness of available data.
• Developing familiarity with data inputs for analysis.
• Recognizing relationships among multiple sources of information to facilitate effective data analysis.
• Programming, model building, and database administration (Python, T-SQL, VBA, Excel, C#, among others).
• Ensuring reliability of analysis and risk management through quality control measures.
• Forensically acquiring data and images from identified hosts.
• Identifying artifact and evidence locations to answer critical questions.
• Detecting and hunting unknown malware across multiple hosts.
• Creating Indicators of Compromise (IOCs) from analysis.
• Tracking adversary activity via in-depth timeline analysis.
• Understanding the evidence needed to determine the type of malware used in an attack.
• Identifying lateral movement within client enterprises.
• Using physical memory analysis tools to determine an adversary's activities.
• Examining traffic using common network protocols.
• Identifying and tracking malware beaconing to its command and control channel.
• Providing technical assessments and guidance to clients on cybersecurity controls.
• Participating in practice-building activities including recruiting and training.

Qualifications

• 3-5 years of experience in cyber intrusion investigation or incident response analysis.
• Strong understanding of computer operating systems, software, and hardware.
• Ability to conduct detailed forensic investigations and analysis.
• Experience with conducting digital forensic analysis using various tools.
• Experience with static/dynamic malware analysis and threat hunting.
• Strong understanding of proper evidence handling procedures.
• Experience with drafting technical reports and communicating findings.
• Experience utilizing automation tools to expedite analysis.
• Understanding incident handling procedures.
• Understanding of common attack techniques.
• Experience with vulnerability management and penetration testing.
• Exposure to a variety of malware families.
• Proficiency with Threat Intelligence Platforms and analyst software tools.
• Digital forensics/incident response training and certifications.

To Apply

To be considered for a position in Canada, we require the following:

• Resume – please include current address, personal email, and telephone number.

If you are interested in applying for one of our international locations, please visit our Careers site.

Career Growth and Benefits

• CRA’s robust skills development programs, including a commitment to offering 100 hours of training annually.
• We offer a comprehensive total rewards program including a superior benefits package and wellness programming.

Work Location Flexibility

CRA creates a work environment that enables our colleagues to benefit from being together in the office while also recognizing the benefits of working from home periodically.

Our Commitment to Diversity

Charles River Associates is an equal opportunity employer (EOE/AAE) and is committed to an inclusive work environment.