Industry: Accounting, Finance & Insurance•
Less than 5 years
Posted 96 days ago
A career in our Incident and Crisis Management practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digitalbusiness model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurityinvestment, and detect, respond, and remediate threats. Our team helps organisations manage their controls over access to critical systems and assets during a crisis or an active cyberthreat. As part of the team, you’ll help us develop controls to stay ahead of a crisis, but also help us maintain security and information risk by responding and remediating any current or future cyberthreats.
As a Senior Associate, you’ll work as part of a team of problem solvers with extensive consulting and industry experience, helping our clients solve their complex business issues from strategy to execution. Specific responsibilities include but are not limited to:
Job Requirements and Preferences:
Minimum Degree Required:
Required Fields of Study:
Computer and Information Science, Computer Applications, Management Information Systems, Computer Engineering, Forensic Science
Minimum Years of Experience:
in GIAC including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA.
Demonstrates thorough abilities and/or a proven record of success in the following areas: - Apply incident handling processes-including preparation, identification, containment, eradication, and recovery-to protect enterprise environments; - Analyze the structure of common attack techniques in order to evaluate an attacker's spread through a system and network, anticipating and thwarting further attacker activity; - Utilize tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each; - Use memory dumps and memory analysis tools to determine an attacker's activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network; - Acquire infected machines and then detect the artifacts and impact of exploitation through process, file, memory, and log analysis; - Analyze a security architecture for deficiencies; - Recognize and understand common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures; - Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts; - Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016; - Conduct in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian; - Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage; - Hunt and respond to advanced adversaries such as nation-state actors, organized crime, and hacktivists; - Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis, or definitive data loss determinations; - Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation; - Detect and hunt unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment; - Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections; - Target advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence; - Use memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more; - Track user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and, - Identify lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.
Job ID: 14108WD