Digital Forensic Specialist

Understanding of digital forensic principles, methodologies, and techniques; including experience using digital forensic tools (i.e., EnCase, Axiom, e-Discovery tools, Cellebrite, Intella, Crowdstrike, Splunk)
Understanding of the principles of investigation, including reporting, evidence handling, chain of custody, and court or regulatory proceedings
Ability to interpret digital evidence matters in a way understandable to business and non-technical people
Knowledge of Data Loss Prevention tools and conducting DLP related investigations
Knowledge of Microsoft Purview Mailbox collection and review
Excellent written and verbal communication, presentation, organization, leadership, and planning skills
Demonstrated ability to manage crisis and emergency incidents
Self-starter, strategic thinker, negotiator and consensus builder, proven ability to satisfactorily manage competing priorities
Understanding of organizational priorities and relationships
Solid understanding of governing plans and documents, procedures, and business administration
Understanding of operating systems (Windows, Linux and OSX)
Knowledge of malware triage and reverse engineering an asset
Knowledge of network-based services and client/server applications
Knowledge of enterprise systems and infrastructure

Lead digital evidence / cybercrime investigations
Collect evidence from computers, laptops, phones, iPads, databases and a variety of other devices/systems capable of storing valuable electronic data
Applies sound methodologies to collect, preserve, and analyze digital evidence
Maintain a digital forensic lab environment by ensuring all hardware and software are verified and validated as forensically sound
Focus on operational efficiency to ensure the Forensic Investigations & Digital Evidence team is leveraging tools and processes that reduce redundancy and improve capacity
Stays up to date on the emerging technology threat landscape
Respond to internal business units to investigate simple or complex, sensitive, or urgent matters, usually within minimal timeframes
Assist in managing the team’s computer forensic lab and network infrastructure
Prepares written professional reports
Testify and present evidence, as required

Experience with programming/scripting languages an asset
Experience in identifying gaps in the existing process and proposing and implementing solutions
Background in operational information security disciplines (e.g., incident response, security infrastructure management or monitoring services)
Familiarity with forensic lab network architecture and security infrastructure placement
Familiarity with security tools such as Anti-Virus, Ironport systems and Data Loss Prevention tools
5 years experience in cyber forensics, incident response, digital forensic investigations, and/or information security role a plus
Handles conflict effectively, by overcoming differences of opinion and finding common ground
Ability to follow through on leads until all possible avenues in investigating a case have been exhausted
Ability to evaluate data and courses of action to reach logical, pragmatic decisions