Charles River Associates

Consulting Associate/Cybersecurity & Incident Response (Forensic Services practi

Charles River Associates, Chicago, Illinois, United States, 60290

Position Overview

CRA’s Forensic Services practice supports companies’ commitment to integrity by assisting them and their counsel in independently responding to allegations of fraud, waste, abuse, misconduct, and non-compliance. We deploy cross-trained teams of forensic professionals to help clients gain deeper insights and greater value quickly. We provide accounting and forensic services as well as cybercrime investigation services.

Responsibilities

Executing security and privacy investigations for CRA clients, including ongoing breach detection, threat analysis, incident response and malware analysis.
Providing expert digital forensic support for counsel and clients in support of data security incidents, such as data breaches or fraud.
Assisting in the drafting of forensic reports, affidavits, and testifying as an expert in digital forensics and incident response.
Engaging in problem-solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools.
Identify, research, and organize information to assess the appropriateness and sufficiency of available data to facilitate effective data access and analysis.
Developing familiarity with data that serves as input to this analysis, including threat intelligence, logging data, and contextual clues.
Recognizing relationships among multiple sources and types of information to facilitate effective data analysis.
Programming, model building, and database administration (Python, T-SQL, VBA, Excel, C#, among others).
Ensuring reliability of analysis and risk management through implementing quality control measures and documentation.
Forensically acquire data and images from identified hosts, locate evidence of compromise, and determine impact from disk, file, memory, and log analysis.
Identify artifact and evidence locations to answer critical questions, including execution, file access, data theft, anti-forensics, and detailed system usage by an adversary.
Detect and hunt unknown live, dormant, and custom malware across multiple hosts in an enterprise environment.
Create Indicators of Compromise (IOCs) from analysis to strengthen incident response and threat intelligence efforts.
Track adversary activity second-by-second on a host via in-depth timeline analysis.
Understand the evidence needed to determine the type of malware used in an attack, including rootkits, backdoors, and Trojan horses, and select appropriate defenses and response tactics for each.
Identify lateral movement and pivots within client enterprises, showing how an adversary transitions from system to system without detection.
Use physical memory analysis tools to determine adversary activities on a host and across pivot points in the network.
Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation.
Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections.
Provide technical assessment and guidance to clients on the adequacy of cybersecurity controls in accordance with frameworks such as NIST CSF 2.0, HIPAA, ISO 27001/27002, SOC 2, and NERC-CIP.
Participate in practice-building activities including recruiting and training.

Desired Qualifications

Strong understanding of computer operating systems, software, and hardware
Ability to conduct detailed forensic investigations and analysis of computers, networks, mobile devices, and removable media
Experience with digital forensic analysis using commercial and open-source tools, including file system forensics, memory analysis, and network analysis
Experience with static/dynamic malware analysis in a lab environment and threat hunting in a live environment
Experience in collegiate computer security competitions
Strong understanding of proper evidence handling procedures and chain of custody
Experience with drafting technical and investigative reports and communicating technical findings
Experience with utilizing automation tools and scripts to expedite analysis
Understanding incident handling procedures: preparation, identification, containment, eradication, and recovery
Understanding of common attack techniques used by adversaries and how to stop further activity
Digital forensics/incident response training and certifications, including SANS GIAC (GCFA, GCFE, GNFA, GIME), IACIS (CFCE or CIFR), Magnet MCFE, X-ways X-Pert or similar

To Apply

To be considered for a position in the United States, please provide the following:
Resume – include current address, personal email, and telephone number
Cover letter – describe your interest in CRA and how this role matches your goals

For international locations, please visit our Careers site to view and apply for available jobs.

Career Growth and Benefits

CRA’s robust skills development programs, including a commitment to offering 100 hours of training annually through formal and informal programs, to help you thrive as an individual and team member. Training covers research and analysis, technical skills, presentation, internal seminars, and career mentoring and coaching. There are additional leadership and collaboration opportunities through internal firm development activities.
A comprehensive total rewards program including a superior benefits package, wellness programming to support physical, mental, emotional and financial well-being, and in-house immigration support for foreign nationals and international travelers.

Work Location Flexibility

CRA supports a work environment that encourages collaboration in the office while recognizing benefits of remote work. We currently expect that individuals spend at least 3 to 4 days per week in the office (days may be coordinated with your practice or team and may involve travel to another CRA office or to client meetings).

Our Commitment to Equal Employment Opportunity

Charles River Associates is an equal opportunity employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran, or any other protected characteristic under applicable law.

The District of Columbia requires CRA to include a good-faith estimate of the wage range for this role. This range is specific to individuals applying to work in our Washington, DC office and considers a number of factors including but not limited to experience, education level, and expertise. A good-faith estimate of the base wage range for this role is $105,000 - $115,000; actual total compensation may also include benefits and bonus.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Finance and Sales

Industries

Business Consulting and Services
