Sr. Consultant, DFIR
Aon
- Toronto, ON British Columbia
- $100,000-125,000 per year
- Permanent
- Full-time
- Preserve and analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices.
- Lead technical engagements and present key findings to the client.
- Investigate network intrusions and other cyber security breaches to determine the cause and extent of the breach.
- Support or provide expert testimony in depositions, trials, and other proceedings.
- Build intellectual capital for the firm by writing blogs, submitting to CFPs, and creating internal tools for analysis.
- Work collaboratively across agencies and physical locations.
- Participate in technical meetings and working groups to address issues related to malware security, vulnerabilities, and issues of cybersecurity and preparedness.
- Comfort with intermittent periods of significant travel, evening and weekend hours.
- Experience leading or working on Ransomware, business email compromise, network intrusions, APT and/or malware cases.
- GCFE, GCIH, CCE, EnCE or equivalent DFIR certification.
- Experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
- Proficiency with industry-standard DFIR toolsets, including X-Ways, EnCase, Axiom/IEF, Cellebrite, FTK, Pstools and Volatility.
- Proficiency with database querying and analysis.
- Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
- Experience with conducting log analysis of Windows Event Logs, Apache, IIS, and firewall logs.
- Ability to conduct basic malware analysis.
- Experience with command line tools (grep, sed, awk, PowerShell), python, and other programming languages.
- Familiarity with computer system hardware and software installation and troubleshooting.
- Well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem solving abilities.
- Strong shell, C, C++ and/or Java programming skills and proficiency in Assembler languages a plus.
- Relevant and related industry experience required.