
Consulting Associate Cybersecurity Incident Response Forensic Services practice

Charles River Associates
Toronto, Ontario
Full Time
Posted August 26, 2025

Job Description

The position involves providing digital forensic and cybersecurity incident response services, including investigating data breaches, malware analysis, threat hunting, and supporting clients with technical assessments and reports, within a consulting firm specializing in economic and management advisory services.

Key Responsibilities

  • Execute security and privacy investigations, including breach detection, threat analysis, incident response, and malware analysis.
  • Provide digital forensic support for data security incidents such as data breaches or fraud.
  • Draft forensic reports and affidavits, and testify as an expert in digital forensics and incident response.
  • Perform forensic analysis of digital information using evidence handling techniques and forensic tools.
  • Create threat intelligence reports and develop custom analytic products from open and closed sources.
  • Support incident response, threat hunting, and intelligence teams by collecting and analyzing relevant data.
  • Conduct technical analysis on malicious artifacts, including malware and suspicious files or network traffic.
  • Identify, research, and organize evidence to assess system compromise and adversary activity.
  • Detect and hunt for malware and adversary activity across enterprise environments using memory and network analysis.
  • Develop Indicators of Compromise (IOCs) to enhance incident response and threat intelligence efforts.
  • Track adversary activity and lateral movement within client networks through timeline and forensic analysis.
  • Assess cyber security controls and provide technical guidance based on cybersecurity frameworks.
  • Participate in practice-building activities, including recruiting and training forensic professionals.

Requirements

  • Candidates must have 3-5 years of experience in cyber intrusion investigation or incident response analysis.
  • Candidates must have a major in Computer Science, Digital Forensics, Information Security, and/or Information Systems.
  • Candidates must have knowledge of cybersecurity concepts, research experience, quantitative ability, and exceptional written and oral communication skills.
  • Candidates must have the ability to use data to solve client problems, work collaboratively with a team, effectively manage their time, prioritize tasks, and take pride and ownership in their work.
  • Candidates must have experience executing security and privacy investigations for CRA clients, including ongoing breach detection, threat analysis, incident response, and malware analysis.
  • Candidates must have experience providing expert digital forensic support for counsel and clients in support of data security incidents such as data breaches or fraud.
  • Candidates must have experience assisting in the drafting of forensic reports and affidavits, and testifying as an expert in digital forensics and incident response.
  • Candidates must have experience engaging in problem-solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools.
  • Candidates must have experience presenting tactical and strategic intelligence about threat groups, their methodologies, and motivations.
  • Candidates must have experience creating custom analytic products based on conclusions and judgments derived from open and closed intelligence sources and independent research.
  • Candidates must have experience providing timely support for incident response, hunting, and threat intelligence teams by collecting relevant intelligence and performing research and analysis.
  • Candidates must have experience performing technical analysis on malicious or suspicious artifacts, including malicious executables and documents, packet captures, etc.
  • Candidates must have experience identifying, researching, and organizing information to assess data sufficiency for effective analysis, including familiarity with threat intelligence, logging data, and contextual clues.
  • Candidates must have programming, model building, and database administration skills in Python, T-SQL, VBA, Excel, and C, among others.
  • Candidates must ensure analysis reliability and risk management through implementing quality control measures and documentation.
  • Candidates must be able to forensically acquire data and images from identified hosts, locate evidence of compromise, and determine impact from disk, file, memory, and log analysis.
  • Candidates must be able to identify artifact and evidence locations to answer critical questions related to execution, file access, data theft, anti-forensics, and system usage by adversaries.
  • Candidates must have the ability to detect and hunt unknown live, dormant, and custom malware across multiple hosts in an enterprise environment.
  • Candidates must be capable of creating Indicators of Compromise (IOCs) from analysis to support incident response and threat intelligence efforts.
  • Candidates must be able to track adversary activity second-by-second on a host via in-depth timeline analysis.
  • Candidates must understand the evidence needed to determine the type of malware used in an attack, including rootkits, backdoors, and Trojan horses, and select appropriate defenses and response tactics.
  • Candidates must be able to identify lateral movement and pivots within client enterprises, demonstrating how adversaries transition between systems without detection.
  • Candidates must have experience using physical memory analysis tools to determine adversary activities on hosts and across networks.
  • Candidates must be able to examine traffic using common network protocols to identify patterns of activity or specific actions warranting further investigation.
  • Candidates must be capable of identifying and tracking malware beaconing outbound to command and control (C2) channels via memory forensics, registry analysis, and network connections.
  • Candidates must be able to provide technical assessment, audit, and guidance to clients on the adequacy of cybersecurity controls in accordance with frameworks such as NIST CSF 2.0, HIPAA, ISO 27001 and 27002, SOC2, and NERC-CIP.
  • Candidates must have a strong understanding of computer operating systems, software, and hardware.
  • Candidates must have experience conducting detailed forensic investigations and analysis of computers, networks, mobile devices, and removable media using commercial and open source forensic tools, including file system forensics, memory analysis, and network analysis.
  • Candidates must have experience conducting static and dynamic malware analysis in a lab environment and threat hunting in a live environment.
  • Candidates must have experience with proper evidence handling procedures and chain of custody.
  • Candidates must have experience drafting technical and investigative reports and communicating technical findings.
  • Candidates must have experience utilizing automation tools and scripts to expedite analysis.
  • Candidates must understand incident handling procedures including preparation, identification, containment, eradication, and recovery.
  • Candidates must have knowledge of common attack techniques used by adversaries and how to leverage those techniques to prevent further activity.
  • Candidates must have experience with vulnerability management, penetration testing, scripting, reverse engineering, and related skills.
  • Candidates must have exposure to malware families such as PlugX and Poison Ivy used in espionage or criminal campaigns.
  • Candidates must be proficient with Threat Intelligence Platforms and analyst software tools such as MISP and Maltego.
  • Candidates must have digital forensics incident response training and certifications, including SANS GIAC (GCFA, GCFE, GNFA, GIME), IACIS (CFCE, CIFR), Magnet MCFE, X-Ways X-PERT, or similar.

Benefits & Perks

  • Compensation/salary range (not specified in the posting)
  • Work schedule flexibility with at least 3 to 4 days in the office per week
  • Work environment perks including career growth and skills development programs
  • Robust skills development programs with 100 hours of training annually
  • Comprehensive total rewards program including benefits, wellness programming, and in-house immigration support
  • Work location flexibility with options for remote work
  • Mentorship and performance coaching from senior colleagues
  • Internal seminars and leadership opportunities
