Digital Forensics and Incident Response Sr. Associate

CAN-ON-Toronto-11 King Street W #700

RSM

RSM US LLP is the leading U.S. provider of assurance, tax and consulting services focused on the middle market.

View all jobs at RSM

Apply now Apply later

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.

The RSM Cyber Response team are the first responders to a client during a cyber crisis.  We help bring order and calm to the chaos and help to diagnose and guide a client through the entire incident response lifecycle to detect, contain, respond, and recovery from the crisis.  We provide the highest level of expertise across digital forensics and incident response and help work across the client team, and their business partners to protect their interests.  When not dealing with cyber crisis events we help clients prepare for those situations by developing, reviewing, and exercising their cyber crisis plans.  The ideal candidate will have a passion for and a strong background in digital forensics, incident response, and cybersecurity.

The Digital Forensics and Incident Response (DFIR) Sr. Associate will be interfacing directly with clients, their teams, and external stakeholders including insurance carriers and legal counsel while participating as part of the RSM Cyber Response team in a client engagement.  The engagement types will span across scenarios like Business Email Compromises (BEC), Ransomware Attacks, Data Exfiltration, Insider Threats, Device Digital Forensics and many other types.

Responsibilities:

  • Participate in scoping calls with clients as requested to assist in defining the incident scope, objectives, and expectations of each engagement.
  • Work closely with other Cyber Response team members to ensure effective engagement.
  • Build strong client relationships based on establishing yourself as a trusted advisor, providing good communication, and being a collaborative problem solver.
  • Communicate advanced cybersecurity concepts both internally and externally and produce clear and concise verbal and written reports detailing incident findings, and analysis.
  • Actively knowledge share with team members cultivating a culture of continuous learning, and stay up to date on industry trends, emerging threats, and best practices.
  • Develop and enhance capabilities of the DFIR practice.
  • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
  • Conduct digital forensic investigations and incident response activities as part of the engagement team.
  • Collect, preserve, and analyze forensic evidence.

Qualifications:

Expertise in all these areas is not required, but you should be excited by the opportunity to learn new things and comfortable with working with other team members to expand your knowledge base and experience.

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related degree, or relevant work experience in these disciplines
  • Former professional experience in participating in active cybersecurity engagements, including incident response, digital forensics investigations, and interaction with clients.
  • Experience in conducting security investigations in Linux and Windows, AWS, Azure, and GCP environments.
  • Knowledge of digital forensic artifacts and tools such as ELK, Axiom, Encase, FTK, Volatility, or Open-Source tools.
  • Scripting in one or more scripting languages such as Python, PowerShell, or .NET
  • Proficiency in conducting forensic analysis, threat assessments, and post incident reviews.
  • Certifications across at least one of CEH, CFCE, CHFI, CISSP, ECIH, ECSA, GCFA, GCFE, GCIA, GCIH, GPEN, GREM, GWAPT, MiCFE, OSCP, Security+
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team to learn, grow your knowledge, and teach your colleagues.
  • Ability to provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
  • Ability to work an alternative schedule such as Tuesday through Saturday or Sunday through Thursday if necessary for maintaining coverage.

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmcanada.com/careers/life-at-rsm/rewards-and-benefits.html.

RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Canadian uniformed service; Canadian Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.   

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at careers@rsmus.com.

At RSM, an employee’s pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $61,000 - $97,500

Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.

Apply now Apply later
Job stats:  0  0  0

Tags: AWS Azure CEH CFCE CHFI CISSP Computer Science DFIR ECSA ELK EnCase Forensics GCFA GCFE GCIA GCIH GCP GPEN GREM GWAPT Incident response Linux OSCP PowerShell Python Scripting Windows

Perks/benefits: Career development Competitive pay Health care Insurance Medical leave Salary bonus Team events

Region: North America
Country: Canada

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.