Senior Associate, Information Security - Forensics
Listed on 2025-12-21
IT/Tech
Cybersecurity, Information Security
Overview
The Senior Associate, Information Security - Forensics is part of a global team and is responsible for responding to cyber security incidents that affect our businesses, clients, and vendors. The role is technically hands-on, ensures incident containment, remediation, and closure, and collaborates closely with legal, data privacy, business, and client teams. The incumbent is expected to interact with senior executives, including C-level staff.
Responsibilities
- Serve as Incident Commander, leading the investigation of and response to cyber security incidents.
- Analyze compromised or potentially compromised systems using forensics tools.
- Coordinate evidence and data gathering and document security incident reports.
- Manage, review, and present written and oral reports to management in a concise and accurate manner.
- Maintain current knowledge of advanced persistent threat tools, techniques, and procedures, forensics, and incident response best practices.
- Conduct complex forensic investigations into system breaches, data leaks, and system weaknesses.
- Provide technical expertise to staff on security incident monitoring, triage, response, threat and vulnerability management, and security analysis.
- Provide strategic direction on incident management activities that drive efficiencies across the company, including automation with AI tools.
Requirements
- EDR experience with CrowdStrike and/or SentinelOne, including investigating and analyzing malware and other malicious activity.
- Experience with forensics tools such as FTK, EnCase, Autopsy to collect and analyze file system artifacts, process history, application artifacts, and memory for physical and cloud systems.
- 4 or more years of analytical experience in forensics, threat analysis, incident response, SOC, or security engineering/consulting roles.
- Experience with cloud environments (Azure, AWS, GCP) and with collecting logs from services such as GuardDuty, Microsoft Defender, and CloudTrail.
- Familiarity with MITRE ATT&CK or related frameworks.
- Experience developing and managing incident response programs that improve efficiency through the use of AI tooling.
- Strong communication skills and confidence leading incident response calls with stakeholders and producing detailed incident reports.
- Strong understanding of social engineering, phishing, and related fraud schemes.
- Strong general knowledge of security concepts, network, and web application security issues.
- Experience with scripting languages (Python, Bash, PowerShell, etc.) in an incident handling environment.
All your information will be kept confidential according to EEO guidelines. This job description does not create an employment contract and the incumbent(s) will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities.
No employment contract or implied contract is created other than at‑will relationships.