Associate Cybersecurity Incident Response Forensic Services practice
Charles River Associates, Toronto, Ontario
Full Time
Posted April 18, 2025
Job Description
The role involves conducting digital forensic investigations, analyzing cyber security incidents, and providing expert support and reports related to data breaches, malware, and cyber threats for clients, utilizing technical skills in forensic tools, malware analysis, and incident response.
Key Responsibilities
- Execute security and privacy investigations, including breach detection, threat analysis, incident response, and malware analysis.
- Provide digital forensic support for data security incidents such as data breaches or fraud.
- Draft forensic reports and affidavits, and testify as an expert in digital forensics and incident response.
- Conduct forensic analysis of digital information using evidence handling techniques and forensic tools.
- Identify, research, and organize data to facilitate effective analysis and assess data sufficiency.
- Acquire digital evidence from hosts and analyze it to determine the impact of security incidents.
- Detect and hunt malware, including unknown and custom variants, across enterprise environments.
- Create Indicators of Compromise (IOCs) to enhance incident response and threat intelligence.
- Track adversary activity through timeline analysis, memory forensics, and network traffic examination.
- Assess cybersecurity controls and provide technical guidance based on cybersecurity frameworks.
- Participate in practice-building activities such as recruiting and training team members.
Requirements
- Candidates must have 2-4 years of experience in digital forensics, cybersecurity, or information security.
- Candidates must have majored in Computer Science, Digital Forensics, Information Security, or Information Systems.
- Knowledge of cybersecurity concepts is required.
- Experience with conducting digital forensic analysis using commercial and open source forensic tools, including file system forensics, memory analysis, and network analysis, is required.
- Experience with conducting static and dynamic malware analysis in a lab environment and threat hunting in a live environment is required.
- Strong understanding of proper evidence handling procedures and chain of custody is required.
- Experience with drafting technical and investigative reports and communicating technical findings is required.
- Experience with utilizing automation tools and scripts to expedite analysis is required.
- Understanding incident handling procedures including preparation, identification, containment, eradication, and recovery is required.
- Knowledge of common attack techniques used by adversaries on victim networks and leveraging those techniques to stop further activity is required.
- Digital forensics incident response training and certifications such as SANS GIAC GCFA, GCFE, GNFA, GIME, IACIS CFCE or CIFR, Magnet MCFE, X-ways X-Pert, or similar are required.
- Ability to conduct detailed forensic investigations and analysis of computers, networks, mobile devices, and removable media is required.
- Experience with analyzing traffic using common network protocols to identify patterns of activity or specific actions is required.
- Ability to identify and track malware beaconing outbound to command and control channels via memory forensics, registry analysis, and network connections is required.
- Ability to create Indicators of Compromise (IOCs) from analysis to strengthen incident response and threat intelligence efforts is required.
- Ability to identify lateral movement and pivots within client enterprises, showing how an adversary transitions from system to system without detection, is required.
- Experience with examining traffic and analyzing artifacts to determine the type of malware used in an attack, including rootkits, backdoors, and Trojan horses, is required.
- Ability to use physical memory analysis tools to determine adversary activities on hosts and across the network is required.
- Experience in providing technical assessment, audit, and guidance to clients on the adequacy of cybersecurity controls in accordance with frameworks such as NIST CSF 2.0, HIPAA, ISO 27001 and 27002, SOC2, or NERC-CIP is required.
- Candidates must have a strong understanding of computer operating systems, software, and hardware.
- Candidates must have experience with conducting forensic investigations on computers, networks, mobile devices, and removable media.
- Candidates must have experience with conducting forensic analysis using commercial and open source forensic tools, including file system forensics, memory analysis, and network analysis.
- Candidates must have experience with conducting static and dynamic malware analysis and threat hunting.
- Candidates must have a strong understanding of evidence handling procedures and chain of custody.
- Candidates must have experience drafting technical and investigative reports and effectively communicating technical findings.
- Candidates must have experience with utilizing automation tools and scripts to expedite analysis.
- Candidates must understand incident handling procedures including preparation, identification, containment, eradication, and recovery.
- Candidates must have knowledge of common attack techniques used by adversaries and how to leverage that knowledge to prevent further activity.
- Candidates must possess digital forensics incident response training and certifications such as SANS GIAC GCFA, GCFE, GNFA, GIME, IACIS CFCE or CIFR, Magnet MCFE, X-ways X-Pert, or similar.
- Candidates must be able to perform forensic data acquisition from identified hosts and locate evidence of compromise through disk, file, memory, and log analysis.
- Candidates must be able to identify artifact and evidence locations to answer critical questions related to execution, file access, data theft, anti-forensics, and system usage by adversaries.
- Candidates must be capable of detecting and hunting unknown malware, including live, dormant, and custom malware across multiple hosts in an enterprise environment.
- Candidates must be able to create Indicators of Compromise (IOCs) from analysis to support incident response and threat intelligence efforts.
- Candidates must be able to track adversary activity on hosts via in-depth timeline analysis.
- Candidates must understand the evidence needed to determine malware type, including rootkits, backdoors, and Trojan horses, and select appropriate defenses and response tactics.
- Candidates must identify lateral movement and pivots within client networks, demonstrating how adversaries move undetected.
- Candidates must use physical memory analysis tools to determine adversary activities on hosts and across the network.
- Candidates must examine network traffic to identify patterns of activity or specific actions warranting further investigation.
- Candidates must identify and track malware beaconing outbound to command and control channels using memory forensics, registry analysis, and network connections.
- Candidates must provide technical assessment, audit, and guidance to clients on cybersecurity controls in accordance with relevant frameworks.
- Candidates must be willing to work in a flexible work environment, spending approximately 3 to 4 days per week in the office, with some remote work options during certain times of the year.
Benefits & Perks
- Comprehensive total rewards program including a superior benefits package
- Wellness programming to support physical, mental, emotional and financial well-being
- In-house immigration support for foreign nationals and international business travelers
- Career growth and skills development through formal and informal training programs
- Internal seminars, presentation skills training, and career mentoring
- Work location flexibility with a hybrid model of 3 to 4 days in the office and remote work options during certain times of the year