CRA - Boston, MA
posted about 2 months ago
Charles River Associates (CRA) is seeking an Associate for its Cybersecurity & Incident Response team within the Forensic Services practice. This role is designed for individuals who are curious, analytical, and highly motivated, with a background in Computer Science, Digital Forensics, Information Security, or Information Systems. The ideal candidate will have 2-4 years of relevant experience and a strong understanding of cybersecurity concepts. Associates will be expected to leverage their knowledge and skills to solve complex client problems, work collaboratively within a team, and manage their time effectively while taking ownership of their work.
In this position, Associates will execute security and privacy investigations for CRA clients, addressing data security matters such as breach detection, threat analysis, incident response, and malware analysis. They will provide expert digital forensic support for clients and counsel during data security incidents, including drafting forensic reports and potentially testifying as experts in the field. The role involves engaging in problem-solving and forensic analysis of digital information, utilizing standard evidence handling techniques and computer forensics tools.
Associates will also be responsible for identifying, researching, and organizing information to assess the appropriateness and sufficiency of available data for effective analysis. They will develop familiarity with various data inputs, including threat intelligence and logging data, and recognize relationships among multiple sources of information to facilitate effective data analysis. Programming and database administration skills will be utilized, with a focus on languages such as Python, T-SQL, VBA, and C#. Quality control measures and documentation will be essential to ensure the reliability of analysis and risk management.
The role requires forensically acquiring data and images from identified hosts, locating evidence of compromise, and determining the impact through disk, file, memory, and log analysis. Associates will also detect and hunt for unknown malware across multiple hosts, create Indicators of Compromise (IOCs), and track adversary activity through in-depth timeline analysis. Understanding the evidence needed to determine the type of malware used in attacks and identifying lateral movement within client enterprises are critical components of the role. Additionally, providing technical assessments and guidance on cybersecurity controls in accordance with various frameworks will be part of the responsibilities. Participation in practice-building activities, including recruiting and training, is also expected.