Senior Associate, Cyber Risk
Our professionals balance analytical skills, deep market insight and independence to deliver solid, defensible analysis and practical advice to our clients. As an organization, we think globally. We create transparency in an opaque world, and we encourage our people to do the same. That means when you take your place on our team, you'll discover a supportive and collaborative work environment that empowers you to excel. If you're ready to share your perspective with the world, then you can make a real impact here. This is the Duff & Phelps difference
Kroll, a division of Duff & Phelps is a leader in cyber investigations, incident response, and breach notification. With a global footprint, our team of forward-thinking experts supports clients with innovative digital resources and strategies in cyber risk prevention, investigations and reporting. Kroll's deep investigative experience, grounded in complex risk management challenges, has been an advantage to Kroll clients since 1972. You can rely on us to bring the same tenacity, foremost specialists, uncommon resources and multidisciplinary team approach to complex cyber problems. Our holistic approach combines the most advanced technical expertise with deep insight into the integral role that humans play in every cyber incident. With the ability to draw on the wealth of expertise of Kroll colleagues throughout the world, we deliver cyber-related services through three broad practices.
At Duff & Phelps, your work will help protect, restore and maximize value for our clients. Join us and together we'll maximize the value of your career. Responsibilities:
- Use leading-edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected Cyber intrusions.
- Follow proper evidence handling procedures and chain of custody protocols.
- Determine programs that have been executed, including finding files that have been changed on disk and in memory. Use timestamps, host and network logs, photographs, and the collection of hash information to develop authoritative timelines of activity.
- Find evidence of deleted files and hidden data. Identify and document case relevant file-system artifacts, including browser histories, account usage, and USB histories.
- Assist with preliminary analysis by tracing an activity to its source and produce documents findings for input and into a forensic report.
- Analyze and assess risk to client's information technology systems and enterprise environment.
- Take ownership of projects and deliverables.
- Participate in technical reviews including; the evaluation of Windows and Linux systems, database configurations, application auditing, network device
- Conduct research and analysis through the use of in-hours as well as external resources
- Produce accurate, high quality client reports
- Self-motivated and able to demonstrate a passion for this type of work. This will include evidence of research, knowledge of a diverse array of tool-sets, community participation and self-learning beyond commercial training
- Bachelor's Degree in a technical discipline preferred
- Minimum of 5 years' experience with digital forensics with a focus on external threat incident response and network forensics
- Forensics related certifications such as GNFA, GCFA, GCFE, GCIH, CFCE, EnCE
- Experience with acquiring or collecting computer artifacts, including malware, user activity, and link files from various systems
- Experience with assessing evidentiary value by triaging electronic devices, correlating forensic findings with network events to further develop an intrusion narrative
- Experience with collecting and documenting system state information, including running processes and network connections prior to imaging
- Experience with performing incident triage from a forensic perspective, including determining of scope, urgency, and potential impact
- Experience with tracking and documenting forensic analysis from initial involvement through final resolution
- Must be able to assist clients in responding rapidly and effectively to computer-related incidents and should consistently exceed expectations while working in a client-facing environment
- Have the capability to quickly identify the source of a security breach and move toward containment is essential
- Have proficiency in conducting live analysis on networks and across multiple platforms is desired. Must possess the ability to articulate well in both written and oral communications
- Must also be able to manage multiple projects on a daily basis
- Willingness to travel up to 50%
In order to be considered for a position at Duff & Phelps, you must formally apply via careers.duffandphelps.jobs
Duff & Phelps is committed to equal opportunity and diversity, and recruits people based on merit.