- Company Name
- Charles River Associates
- Job Title
- Associate Principal/Cybersecurity & Incident Response (Forensic Services practice)
- Job Description
-
**Job Title**: Associate Principal – Cybersecurity & Incident Response (Forensic Services)
**Role Summary**:
Lead complex forensic and cyber‑incident investigations for corporate and legal clients. Own end‑to‑end incident response, digital forensics, and cybersecurity assessment engagements across multiple frameworks. Drive quality, efficiency, and client satisfaction while managing and developing a multidisciplinary forensic team.
**Expectations**:
- Execute high‑profile investigations as senior technical lead and spokesperson.
- Deliver quality forensic evidence, incident reports, and expert testimonies for litigation.
- Maintain professional relationships with law enforcement and regulatory bodies.
- Cultivate new business opportunities and support proposal development.
- Identify, adopt, and implement tooling and process improvements.
- Travel to client sites as required.
**Key Responsibilities**:
1. Lead security and privacy investigations: breach detection, threat analysis, malware, and unauthorized access incidents.
2. Conduct forensic analysis of digital evidence using industry‑standard tools and evidence handling protocols.
3. Serve as primary client liaison for incident response activities, ensuring timely communication and resolution.
4. Supervise project execution, enforcing quality assurance and product integrity.
5. Enhance incident response capabilities by evaluating and deploying new tools and methodologies.
6. Maintain liaising relationships with local, state, federal law‑enforcement and regulatory agencies.
7. Recruit, train, and retain forensic personnel; manage team morale and professional growth.
8. Lead business development: build client relationships, craft proposals, and present solutions.
9. Provide technical assessments/audits against NIST CSF 2.0, HIPAA, ISO 27001/27002, SOC 2, NERC‑CIP and other frameworks.
10. Collaborate with counsel on investigative direction and strategy.
**Required Skills**:
- 7–10+ years in cyber intrusion investigation, digital forensics, or incident response.
- Proven leadership of technical teams with ability to prioritize multiple engagements.
- Hands‑on expertise as incident responder, malware analyst, or network forensic analyst; experience testifying in court.
- Strong knowledge of networking (TCP/IP, traffic flow, protocols), operating systems (Windows, *nix), web technologies, and mobile device forensics.
- Familiarity with forensic tools (EnCase, FTK, Autopsy, Cellebrite), SIEM, EDR, and incident response platforms.
- Ability to conduct data‑driven analytics and apply best practices.
- Excellent communication (verbal, written) and presentation skills.
- Willingness to travel for client engagements.
**Required Education & Certifications**:
- Bachelor’s or Master’s degree in Computer Science, Information Security, or related field (preferred but may be waived with sufficient experience).
- Relevant certifications: GCFA/GCTI, GCIH, GCFA, CISSP, CISM, CEH, or equivalent.
- Additional certifications in digital forensics or incident response are advantageous.
---