Senior Associate (DFIR)-Cyber Practice, New York, NY
PRACTICE AREA: Cyber
LOCATION: New York, NY
REPORTS TO: Director
Senior Associates, Digital Forensics Incident Response (DFIR), in my client's Cyber Practice collect and analyze electronic evidence as part of cyber investigations.
Senior Associates also have the opportunity to assist Associate Directors, Directors, Senior Directors, and Managing Directors with business development and client engagement matters.
ESSENTIAL JOB FUNCTIONS
Senior Associates are generally responsible for:
- Collecting, preserving, and analyzing data from electronic data sources, including laptop and desktop computers, servers, cloud environments, and mobile devices.
- Determining the cause and extent of network intrusions and other cybersecurity incidents.
- Leading reactive Incident Response projects, including data breach, business email compromise, and other cyber-related investigations.
- Assisting with projects in other practices, as needed.
- Managing multiple projects simultaneously.
- Working under tight deadlines and outside of normal business hours, when required.
- Producing high-quality work product and presenting complex technical matters clearly and concisely through excellent writing and oral presentation skills.
- Working with colleagues effectively and professionally on an ongoing basis.
- Working independently and as part of a team.
- Conducting investigative research as part of litigation support projects and/or asset traces.
- Applying excellent organizational skills to manage multiple projects at once with limited supervision.
EDUCATION & EXPERIENCE REQUIREMENTS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
- Senior Associate candidates will have 3-5+ years of experience performing digital forensics and incident response (DFIR) functions including, but not limited to, forensic analysis of Windows, Macintosh, and Linux operating systems as well as analysis of iOS and Android devices.
- Hold a GCFE, GCIH, CCE, EnCE, or equivalent digital forensics / incident response certification.
- Proficiency with industry-standard DFIR applications such as EnCase, FTK, Nuix, Magnet, MSAB, and Cellebrite, and with memory forensic capture and analysis tools such as Redline and Volatility.
- Working knowledge of cloud infrastructures such as Amazon Web Services, G Suite, Office 365, and Azure.
- Experience analyzing log files and event logs from Windows Events, Apache, IIS, firewall log files, etc.
- Knowledge of command line tools (e.g., grep, PowerShell, etc.) and coding languages (e.g., Python, C, C++, etc.).
- Possess a deep understanding of Endpoint Detection & Response (EDR), Intrusion Detection & Prevention (IDP), Security Information & Event Management (SIEM), and network analysis tools.
- Scripting/programming skills (Python, SQL, VBA scripts or other similar programming languages).
- Experience with data visualization tools (Tableau, Power BI, Pivots, and Advanced Excel).
PHYSICAL & SAFETY EXPECTATIONS
When physical requirements are not essential job functions, reasonable accommodations may be made for individuals with disabilities. Candidates are expected to:
- Be comfortable with sitting at a desk and working on a computer.
- Be able to lift up to 5 pounds at times.
- Have the ability to see, hear, and speak continuously at a level to meet all essential functions of the job.
- Work with high attention and mental demands including the ability to prioritize and process with accuracy.