Associate​/Cybersecurity & Incident Response; Forensic Services practice

Associate/Cybersecurity & Incident Response (Forensic Services practice)

Join to apply for the Associate/Cybersecurity & Incident Response (Forensic Services practice) role at Charles River Associates

About Charles River Associates CRA is a leading global consulting firm that provides independent economic and financial analysis behind litigation matters, guides businesses through critical strategy and operational issues to become more profitable, and advises governments on the economic impact of policies and regulations. Our two main services – economic and management consulting – are delivered by practice groups that focus on specific areas of expertise or industries.

Learn how CRA can help you launch your career.

CRA’s Forensic Services practice supports companies’ commitment to integrity by independently responding to allegations of fraud, waste, abuse, misconduct, and non‑compliance. We deploy cross‑trained teams of forensic professionals to help clients gain deeper insights more quickly. We provide accounting and forensic services as well as cybercrime investigation services and value knowledge of cybersecurity concepts, research experience, quantitative ability, exceptional written and oral communication skills, and a high level of initiative.

Associates are expected to use data to solve client problems, work collaboratively, manage time effectively, prioritize tasks, and take pride and ownership in their work.

• Executing security and privacy investigations for CRA clients, in preparation of, and in response to, data security matters, including ongoing breach detection, threat analysis, incident response, and malware analysis.
• Providing expert digital forensic support for counsel and clients for data security incidents, such as data breaches or fraud.
• Assisting in drafting forensic reports, affidavits, and testifying as an expert in digital forensics and incident response.
• Engaging in problem‑solving and forensic analysis of digital information using standard evidence handling techniques and computer forensics tools.
• Identifying, researching, and organizing information to assess the appropriateness and sufficiency of available data to facilitate effective data access and analysis.
• Developing familiarity with data that serves as input to this analysis, including threat intelligence, logging data, and contextual clues.
• Recognizing relationships among multiple sources and types of information to facilitate effective data analysis.
• Programming, model building, and database administration (Python, T‑SQL, VBA, Excel, C#, among others).
• Ensuring reliability of analysis and risk management through implementing quality control measures and documentation.
• Forensically acquiring data and images from identified hosts locating evidence of compromise, and determining its impact from disk, file, memory, and log analysis.
• Identifying artifact and evidence locations to answer critical questions, including execution, file access, data theft, anti‑forensics, and detailed system usage by an adversary.
• Detecting and hunting unknown live, dormant, and custom malware across multiple hosts in an enterprise environment.
• Creating Indicators of Compromise (IOCs) from analysis to strengthen incident response and threat intelligence efforts.
• Tracking adversary activity second‑by‑second on a host via in‑depth timeline analysis.
• Understanding the evidence needed to determine the type of malware used in an attack, including rootkits, backdoors, and Trojan horses, and choosing appropriate defenses and response tactics for each.
• Identifying lateral movement and pivots within client enterprises, showing how an adversary transitions from system to system without detection.
• Using physical memory analysis tools to determine an adversary’s activities on a host and other hosts the adversary used as pivot points across the network.
• Examining traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation.
• Identifying and tracking malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections.
• Providi…