JOB TITLE: Associate Director, Forensics
JOB CODE: P19
SUMMARYThe Associate Director of Forensics manages and oversees all aspects of the Digital Forensics Incident Response (DFIR) engagements for multiple Tiger Teams, including the Tiger Team’s performance, execution, delivery, quality control, and client development. Operating as an industry leader in Digital Forensics Incident Response, and a trusted advisor to the client and breach coach, the Forensic Associate Director helps to ensure 100% client success. The Associate Director, Forensics will provide breach coaches and Insurance Carriers with tailored detailed analysis through a narrative and story with reports summarizing how the unauthorized actor obtained access and identifying the potential root cause of the cyber intrusion.
ROLES & RESPOSIBILITIES- Provides forensic data and artifact collection requests needed for the forensic analysis and ensures the data is collected, delivered, and processed following the project timelines and deliverables
- Responsible for shadowing on scoping calls they are assigned to by the teams IR Ops Associated
- Responsible for listening to the scoping call to have situational awareness and case background from the start of every engagement, so they can drive the forensic investigation forward ensuring the right data is collected and analysis questions answered
- Supporting the Director, as a Forensic SME for all active forensic analysis for projects on their assigned Tiger Teams
- Responsible for maintaining target utilization for the assigned Tiger Teams from client billable work including forensic analysis, participating in client update or forensic scoping and update findings calls, client correspondence related to forensic analysis, data collection, or investigative questions verbally or in writing
- Manages and oversees the forensic data collection process in support of the forensic investigation for the assigned engagement
- Ensures the forensic project timeline is on track, daily updates are provided from the assigned Tiger Teams, and Analyst SLAs are met (i.e., report is delivered on time, interim and final updates are provided on time when asked)
- Ensures the Tiger Teams and assigned analysts have the data, context, and clarity they need to conduct accurate and timely analysis
- Participate in client-facing calls when needed to support Tiger Teams and provide forensic updates as needed to ensure accurate findings are conveyed as they relate to the investigation
- Communicating both verbally and in writing to answer client and counsel questions related to the forensic investigation
- Oversee the delivery of the Tiger Teams and forensics pool while providing technical reviews and quality control for updates and reports
- Support the Tiger Team with delegating and managing the Tiger Team including the Senior Analysts and Analysts on their respective Tiger Team
- Conducts the performance reviews of all forensic analysts on their respective Tiger Teams
- Maintain a minimum caseload of at least three cases for which they will lead and deliver forensic analysis updates with the Tiger Team. The caseload will be maintained alongside the Forensic Associate Director’s other responsibilities and duties
- Conducts final review of the report from the perspective of the forensic investigator ensuring all possible investigative questions were addressed in the analysis and requesting additional context or analysis when the report requires more work
- May perform other duties as assigned by management
- Manage cadence and team delivery through routine team meetings
- Review and assess team performance through the measurement of KPIs
- Develop consistency between pods through the execution of playbooks and consistent training for new hires
- Ensure projects stay within scope, schedule, and budget
- Manage project communications, negotiations, and solutions
- Address client feedback as directed by Sr. Leadership
- Hold individuals accountable for following the playbooks
- Inspire individuals to achieve results measured by defined metrics
- Be open to new ideas and ensure best practices are implemented
- Ensure adherence to business processes to ensure operational efficiency and help identify infrastructure requirements to meet the business needs
- Track lessons learned from previous projects and ensure playbooks and training materials are reviewed & updated regularly
- Manage project assignments and hand off processes
- Ensure the team follows and upholds standardized process
- Ensure client satisfaction among internal and external stakeholders
- Responsible for creating and updating metrics indicating client satisfaction among internal and external stakeholders
- Provide oversight of client satisfaction among internal and external stakeholders
- Monitor and report metrics indicating client satisfaction among internal and external stakeholders
- Support the development of strategic partnerships to maintain profitable and long- lasting relationships with key clients
- Must have 10+ years of incident response or digital forensics experience with a passion for cyber security (consulting experience preferred)
- Proficient with host-based forensics, network forensics, malware analysis and data breach response
- Experienced with EnCase, Axiom, X-Ways, FTK, SIFT, ELK, Redline, Volatility, and open-source forensic tools
- Experience with a common scripting or programming language, including Perl, Python, Bash, or PowerShell
- Experience managing and mentoring forensic teams, preferably in a security, incident response or professional services consulting firm
- A deep understanding of working with legal counsel and the ability to thrive in a fast-paced environment, experience working with and communicating with C-level executives, attorneys, and insurance carriers
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
WORK ENVIRONMENTWhile performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.TERMS OF EMPLOYMENTSalary and benefits shall be paid consistent with Arete's salary and benefit policy.
DECLARATIONThe Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITYWe’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Similar Jobs
What We Do
Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime. We are leaders in the cyber incident response business, having worked on thousands of matters since our inception in 2016. When clients engage Arete, they gain access to the world’s leading cybersecurity professionals — anywhere in the world — within hours, not days. We also work with organizations after a cyberattack to harden their systems and controls to help prevent future disruption.
We often partner with insurance carriers and their legal counsel in response to cyber insurance claims and are proud to work closely with these firms who are on the frontlines of keeping businesses and local governments up and running after cyberattacks.
We are a highly data-driven organization that uses the data we collect and the information we curate not only to improve outcomes for our clients but also inform new models and approaches for cyber risk mitigation and underwriting. We believe in the concept of “collective defense” of our economy, infrastructure, and livelihoods against cybercrime and actively work with law enforcement, government entities, and industry consortia to share our findings and best practices.
At Arete, we share a common passion, with uncompromising integrity in all that we do, to help our clients impacted by emerging issues in cybercrime. Through our rapid response and technical expertise, we have significantly reduced the financial impact and business interruption attributed to cyberattacks.
