Charles River Associates
Associate/Cybersecurity & Incident Response (Forensic Services practice) Job at Charles River Associates, Boston, MA, US, 02298
Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; Washington, DC, United States
Overview
CRA’s Forensic Services practice supports companies’ commitment to integrity by assisting them and their counsel in independently responding to allegations of fraud, waste, abuse, misconduct, and non-compliance. We deploy cross-trained teams of forensic professionals to help clients gain deeper insights and greater value quickly. We provide accounting and forensic services as well as cybercrime investigation services. We value knowledge of cybersecurity concepts, research experience, quantitative ability, exceptional written and oral communication skills, and a high level of initiative. Associates use data to solve client problems, work collaboratively with a team, manage time effectively, prioritize tasks, and take pride and ownership in their work.
Responsibilities
Executing security and privacy investigations for CRA clients, in preparation for, and in response to, data security matters, including ongoing breach detection, threat analysis, incident response and malware analysis;
Providing expert digital forensic support for counsel and clients in support of data security incidents, such as data breaches or fraud;
Assisting in the drafting of forensic reports, affidavits and testifying as an expert in digital forensics and incident response;
Engaging in problem-solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools;
Identifying, researching, and organizing information to assess the sufficiency of available data to facilitate effective data access and analysis;
Developing familiarity with data inputs to analysis, including threat intelligence, logging data, and contextual clues;
Recognizing relationships among multiple sources and types of information to facilitate analysis;
Programming, model building, and database administration (Python, T-SQL, VBA, Excel, C#, among others);
Ensuring reliability of analysis and risk management through quality control and documentation;
Forensically acquiring data and images from identified hosts and locating evidence of compromise to determine impact via disk, file, memory, and log analysis;
Identifying artifact and evidence locations to answer critical questions, including execution, file access, data theft, anti-forensics, and detailed system usage by an adversary;
Detecting and hunting unknown malware across multiple hosts in an enterprise environment;
Creating Indicators of Compromise (IOCs) to strengthen incident response and threat intelligence;
Tracking adversary activity on a host via in-depth timeline analysis;
Understanding evidence needed to determine malware types and selecting appropriate defenses and response tactics;
Identifying lateral movement and pivots within client enterprises;
Using memory analysis tools to determine adversary activity on hosts and pivot points across the network;
Examining traffic to identify patterns warranting further investigation;
Identifying and tracking malware beaconing to its command and control channel via memory, registry analysis, and network connections;
Providing technical assessment/audit and guidance on cyber security controls in accordance with frameworks such as NIST CSF 2.0, HIPAA, ISO 27001/27002, SOC2, and NERC-CIP;
Participating in practice-building activities including recruiting and training.
Qualifications
Bachelor’s or Master’s degree with a relevant focus (Computer Science, Digital Forensics, Information Security and/or Information Systems).
2-4 years of relevant work experience in financial/economic analysis, preferably in a consulting firm (recent graduates and candidates in the workforce are considered); recent graduates or individuals without directly relevant experience may be hired into the Analyst title;
Digital forensics/incident response training and certifications (SANS GIAC GCFA/GCFE/GNFA/GIME, IACIS CFCE/CIFR, Magnet MCFE, X-Ways X-PERT or similar);
Strong understanding of computer operating systems, software and hardware;
Ability to conduct detailed forensic investigations and analysis of computers, networks, mobile devices and removable media;
Experience with digital forensic analysis using commercial and open-source tools (file system forensics, memory analysis, network analysis);
Experience with static/dynamic malware analysis and threat hunting in live environments;
Experience in collegiate computer security competitions;
Strong understanding of proper evidence handling procedures and chain of custody;
Experience drafting technical and investigative reports and communicating technical findings;
Experience with automation tools and scripts to expedite analysis;
Understanding incident handling procedures: preparation, identification, containment, eradication, and recovery;
Understanding of common attack techniques and how to stop further adversary activity.
To Apply
To be considered for a position in the United States, we require the following:
Resume – include current address, personal email and telephone number;
Cover letter – describe your interest in CRA and how this role matches your goals.
For international locations, please visit our Careers site to view and apply for available jobs.
Career Growth and Benefits
CRA’s robust skills development programs, including 100 hours of training annually, plus opportunities for leadership and collaboration through internal firm development activities.
Comprehensive total rewards program including a benefits package, wellness programs, immigration support for foreign nationals and international travelers.
Work Location Flexibility
CRA supports in-office collaboration while allowing periodic remote work. Generally, expect 3 to 4 days per week in the office, with specific days coordinated with your team.
Equal Employment Opportunity
Charles River Associates is an equal opportunity employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran, or any other protected characteristic under applicable law.