Forensic jobs in United States

Ankura is a team of excellence founded on innovation and growth.

This position supports the Data & Technology practice - one of six practices focused on client delivery services across the Firm.

Ankura's Cyber Security and Privacy Practice is a full-service suite of Cyber Security and privacy solutions, regardless of industry or size.

Our global team of over 100 professionals includes former federal law enforcement personnel, in-house security experts, Big 4 consultants, federal regulators, threat intel and dark web experts, etc. We have helped clients and partners for 10+ years across industries and geographies with the following services:

• Incident Response, Intelligence, and Investigations.
• End Point & Managed Detection & Response.
• Technology, Privacy, and Cyber Risk Advisory.

The EMEA Cyber Security & Privacy practice is growing and has ambitions to expand its capabilities from a strong base in incident response, intelligence and investigations into additional proactive security, AI security and managed detection & response services.

• Have the opportunity to get involved with challenging projects for both Proactive and Reactive client work.
• Join a global diverse team working across the EMEA region.
• We can support and develop individuals who aspire to be an expert.
• Opportunities for career development, an assigned career mentor, access to Ankura Academy, and opportunities to collaborate on projects with other Ankura practices.
• Work within a collaborative environment, whereby our professionals have the freedom to innovate which promotes curiosity, learning and communication.

The goal of this role is for applicants at this grade to support the team across different service offerings Ankura take to market, depending on client demand and professional interests. Usually team members are expected to contribute to all our offerings and eventually major on a primary discipline as their career develops with us.

• Participate in cyber incident response investigations that may require log, forensic, host based and malware analysis.
• Performing digital forensic data acquisition, preservation and analysis, including comprehensive contemporaneous note taking.
• Collect and analyse firewall logs, network traffic logs and host system logs to evaluate whether unauthorised access or information exfiltration occurred.
• Perform forensic analysis to identify the presence of any malware, malware capabilities and understand the actions performed by the malware.
• Conduct security investigations in Windows and/or Linux/Mac environments
• Provide input into client communications, both written and oral, related to analyses performed for senior level review.

• Develop an understanding of a client's security posture to guide them in identifying, analysing and addressing cyber related threats and risks.
• Perform and support evaluation of Cyber Security programs based upon a recognised framework or regulation e.g. NIST Cyber Security Framework, NIS Directive , PCI Data Security Standard, ISO Standards, etc.
• Perform technical testing of clients' environments including best practice audits, network assessments, penetration testing and vulnerability assessments.
• Carry out cyber security assessments across a range of technology architectures including cloud and hybrid models.

• Develop and deliver recommendations, reports, and presentations outlining findings from projects and summarising results of work performed.
• Maintain detailed working records reflecting assumptions, methodologies, and information sources employed during the performance of all analytical tasks.
• Manage time and tasks to meet internal and external deadlines.
• Maintain professional image within the company and project the same to those outside of the company.
• Support the day-to-day activities of engagements including interaction with other team members, subject matter experts, and client contacts.
• Provide input into client communications, both written and oral, throughout the lifecycle of the project.

• You will have qualified in Cyber Security or related disciplines including Computer Science, Engineering, Technology or Computer Forensics or have 3+ years of industry experience and gained experience working on client facing engagements in a management consulting firm.
• Holder of industry qualifications are preferred, but not required: CISSP, SANS, CISA, PMP, CISM, CREST, OSCP/OSCE, GWAPT, GXPN, GPEN and/or similar Forensics / Cyber Security certification(s)

• Passion for Cyber Security or Incident Response and a desire for continuous improvement in expertise
• Strong ability and desire to use technology to solve complex problems
• Understanding of how to communicate effectively and concisely with key stakeholders
• Ability to approach projects both from a strategic and tactical perspective
• Ability to work both independently and as part of a team in a high-paced, multi-task environment with attention to detail.
• Strong conceptual, as well as quantitative and qualitative analytical skills
• Team player comfortable working in a dynamic and fast-paced collaborative environment
• Exceptional organisational skills, to include detailed note taking abilities
• Strong attention to detail, possessing problem solving, troubleshooting and analytical reasoning skills
• Frequently communicates with clients and co-workers and share information effectively
• Flexibility and responsiveness working on multiple projects in sometimes high-pressure situations simultaneously
• Ability to travel in and outside the UK for work, which could involve a few weeks at a time. Engagement duration can range from a week to months. The ability to travel at short notice is important
• Able to support out of hours work (approx. one in four weeks)
• Ability to engage with team and client personnel in demanding, deadline-driven situations
• Excellent communication (both written and verbal), mathematical, and organisational skills
• Flexibility with respect to assigned tasks and engagements due to challenging deadlines, changing deliverables, and evolving task priorities

• Detailed understanding of operating systems and network architecture including high level administrative experience working with Windows and/or non-Windows systems (such as Linux, Unix, Mac)
• Familiarity with security technology stacks, applications and solutions including but not limited to firewalls, SIEM platforms, end-point detection & response, Cloud security platforms, logging and monitoring systems, DLP, anti-malware controls, security compliance tools, intrusion detection and response systems.
• Knowledge about applied cyber security principles including policies and good practices, cryptography, access controls, application and network security
• Understanding of security principles, policies and industry best practices
• Strong work ethic, eagerness to learn, and motivation to succeed
• Functional understanding of Network Architecture, Design, and Security Best Practices
• Fundamental understanding of Computer Forensics principles and practices
• Familiarity with NIST or ISO frameworks and/or risk assessment methodology
• Knowledge of Cyber Security compliance and frameworks, such as NIST, ISO 27001 etc.
• Familiarity assessing and benchmarking security controls in common cloud platforms including Office 365, Google Suite, Azure, AWS or Google Cloud
• Ability to correlate events from multiple sources to create a timeline analysis across end points of an incident; proficient in log analysis of multiple types; ability to analyse network packet captures and understand memory capture and analysis.
• Scripting/programming experience (specifically Python, C#, VBA, or Powershell)
• Awareness of AI tools, techniques and approaches for use in cyber security and DFIR projects.

Ankura is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.