The position involves providing digital forensic and cybersecurity investigation services, analyzing digital evidence, responding to data security incidents, and supporting clients and counsel with technical assessments and reports within a forensic services team.
Key Responsibilities
Execute security and privacy investigations, including breach detection, threat analysis, incident response, and malware analysis.
Provide digital forensic support for data security incidents such as data breaches and fraud.
Draft forensic reports and affidavits, and testify as an expert witness in digital forensics and incident response.
Perform forensic analysis of digital information using evidence handling techniques and forensic tools.
Identify, research, and organize data to facilitate effective analysis and assess data sufficiency.
Acquire digital evidence from hosts and analyze for signs of compromise and impact.
Detect and hunt malware, including rootkits, backdoors, and Trojans, across enterprise environments.
Create Indicators of Compromise (IOCs) to enhance incident response and threat intelligence.
Track adversary activity through timeline analysis, memory forensics, and network traffic examination.
Assess cybersecurity controls and provide technical guidance based on cybersecurity frameworks.
Participate in practice-building activities such as recruiting and training forensic professionals.
Requirements
Candidates must have 3-5 years of experience in digital forensics, cybersecurity, or related fields.
Candidates must hold a degree in Computer Science, Digital Forensics, Information Security, or Information Systems.
Candidates must have knowledge of cybersecurity concepts, research experience, quantitative ability, and exceptional written and oral communication skills.
Candidates must demonstrate a high level of initiative and the ability to work collaboratively with a team.
Candidates must be able to use data to solve client problems, effectively manage their time, prioritize tasks, and take pride and ownership in their work.
Candidates must have experience executing security and privacy investigations for clients, including breach detection, threat analysis, incident response, and malware analysis.
Candidates must have experience providing expert digital forensic support for data security incidents such as data breaches or fraud.
Candidates must have experience assisting in the drafting of forensic reports and affidavits, and in testifying as an expert witness in digital forensics and incident response.
Candidates must have experience engaging in problem-solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools.
Candidates must be able to identify, research, and organize information to assess whether the available data is appropriate and sufficient for effective analysis.
Candidates must develop familiarity with data inputs such as threat intelligence, logging data, and contextual clues relevant to forensic analysis.
Candidates must recognize relationships among multiple sources and types of information to facilitate effective data analysis.
Candidates must have programming, model building, and database administration skills in languages and tools such as Python, T-SQL, VBA, Excel, and C.
Candidates must ensure the reliability of analysis and risk management through implementing quality control measures and documentation.
Candidates must forensically acquire data and images from identified hosts, locate evidence of compromise, and determine its impact through disk, file, memory, and log analysis.
Candidates must identify artifact and evidence locations to answer critical questions related to execution, file access, data theft, anti-forensics, and system usage by adversaries.
Candidates must detect and hunt unknown live, dormant, and custom malware across multiple hosts in an enterprise environment.
Candidates must create Indicators of Compromise (IOCs) from analysis to strengthen incident response and threat intelligence efforts.
Candidates must track adversary activity on a host via in-depth timeline analysis, including understanding evidence needed to determine malware type such as rootkits, backdoors, and Trojan horses.
Candidates must identify lateral movement and pivots within client enterprises, showing how adversaries transition from system to system without detection.
Candidates must use physical memory analysis tools to determine adversary activities on hosts and across the network.
Candidates must examine traffic using common network protocols to identify patterns of activity or specific actions warranting further investigation.
Candidates must identify and track malware beaconing outbound to command and control (C2) channels via memory forensics, registry analysis, and network connections.
Candidates must provide technical assessment, audit, and guidance to clients on the adequacy of cybersecurity controls in accordance with frameworks and standards such as NIST CSF 2.0, HIPAA, ISO/IEC 27001 and 27002, SOC 2, or NERC CIP.
Candidates must have a strong understanding of computer operating systems, software, and hardware.
Candidates must have experience conducting detailed forensic investigations and analysis of computers, networks, mobile devices, and removable media using commercial and open source forensic tools, including file system forensics, memory analysis, and network analysis.
Candidates must have experience conducting static and dynamic malware analysis in a lab environment and threat hunting in a live environment.
Candidates must have experience with evidence handling procedures and chain of custody.
Candidates must have experience drafting technical and investigative reports and effectively communicating technical findings.
Candidates must have experience utilizing automation tools and scripts to expedite analysis.
Candidates must understand incident handling procedures including preparation, identification, containment, eradication, and recovery to protect enterprise environments.
Candidates must have knowledge of common adversary attack techniques and how to use that knowledge to detect intrusions and prevent further adversary activity.
Candidates must have digital forensics and incident response training and certifications such as SANS GIAC GCFA, GCFE, GNFA, or GIME; IACIS CFCE or CIFR; Magnet MCFE; X-Ways X-PERT; or similar.
Benefits & Perks
Salary range of $100,000 - $126,500 with potential bonus incentive compensation
Work location flexibility with at least 3 to 4 days in the office and options for remote work
Comprehensive benefits package including medical, dental, and vision insurance
401(k) retirement plan with employer match
Life and disability insurance
Paid time off including vacation, sick leave, holidays, and paid parental leave
Wellness programs and employee assistance resources
In-house immigration support for foreign nationals and international business travelers
Skills development programs with at least 100 hours of training annually, including technical training, seminars, and mentoring
Career growth opportunities through internal development activities
Ready to Apply?
Join Charles River Associates and make an impact in digital forensics and incident response.