About the Role
Supports organizations in upholding integrity by independently investigating allegations of fraud, misconduct, and non-compliance, including conducting digital forensics, analyzing security incidents, and aiding in incident response and threat intelligence initiatives.
Responsibilities
- Conduct investigations into data security incidents, including breach detection, threat assessment, and malware analysis.
- Deliver digital forensic expertise to legal teams and clients during data breach or fraud cases.
- Assist in preparing forensic reports, affidavits, and provide expert testimony in digital forensics and incident response.
- Apply standard evidence handling and forensic tools to analyze digital data for investigative purposes.
- Supply tactical and strategic intelligence on threat actors, their methods, and motivations.
- Develop custom intelligence products using open and closed sources and independent research.
- Support incident response, threat hunting, and intelligence teams with timely data collection and analysis.
- Analyze malicious files, executables, documents, and network packet captures.
- Evaluate data sources for relevance, completeness, and usefulness in forensic investigations.
- Gain familiarity with threat intelligence, system logs, and contextual data used in forensic analysis.
- Identify connections across diverse data sources to enhance investigative outcomes.
- Utilize programming and database tools such as Python, T-SQL, VBA, Excel, and C# for data modeling and administration.
- Maintain analysis integrity and manage risks through quality control and documentation.
- Collect and analyze forensic images from compromised systems to determine impact and evidence of intrusion.
- Locate digital artifacts to answer key questions about system access, data theft, and adversary behavior.
- Detect and investigate unknown, dormant, or custom malware across enterprise networks.
- Generate Indicators of Compromise (IOCs) to improve incident response and intelligence capabilities.
- Reconstruct adversary activity on systems through detailed timeline analysis.
- Determine malware types such as rootkits, backdoors, and Trojans, and recommend appropriate defenses.
- Trace lateral movement and system pivoting by adversaries within enterprise environments.
- Use memory analysis to uncover adversary actions and identify pivot systems across networks.
- Analyze network traffic and protocols to detect suspicious patterns or actions.
- Track malware communications with command and control servers using memory, registry, and network data.
- Assess cybersecurity controls against standards such as NIST CSF 2.0, HIPAA, ISO 27001/27002, SOC2, and NERC-CIP.
- Engage in recruiting, training, and other practice development activities.
Compensation
Comprehensive total rewards program including extended medical, dental, and vision insurance; ERP with employer contribution; TFSP; RESP; life and disability insurance; paid time off (vacation, sick leave, holidays); paid parental leave; wellness programs and employee assistance resources; and commuter benefits
Work Arrangement
Hybrid
Team
Equal opportunity employer (EOE) status
Other
- Applicants for Canadian positions must submit a resume with current address, personal email, and phone number.
- Employees are expected to work in the office 3 to 4 days per week, including travel to other offices or client sites, as coordinated with the team.
- Annual 100-hour training commitment through formal and informal learning programs.
- Internal development includes leadership and collaboration opportunities.
- Equal opportunity employer (EOE) status.