Overview

Putting people first, every day:

BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, we rely on our professionals to provide exceptional service and help our clients by providing advice and insight they can trust. In turn, we offer an environment that fosters a people-first culture with a high priority on your personal and professional growth.

Your opportunity:

We are looking for a talented individual at a Senior Consultant or Manager level to join the Incident Response team in BDO’s Cybersecurity Engineering practice, working from anywhere in Canada. The successful individual will be self-driven and results-oriented with a strong focus on client relationships, and a strong interest in computer forensics and cyber incident response analysis. It is an excellent opportunity for those that are looking to work in a firm with unparalleled career progression opportunities.

As a Senior Consultant or Manager in Cybersecurity Engineering, your responsibilities will include:

  • Deliver, lead and manage digital forensic investigations and cyber incident response engagements;
  • Perform all phases of the incident response life cycle: preparation, analysis, containment, eradication, remediation, recovery and post-incident activity
  • Gather, analyze and maintain data to support investigative, risk and mitigation efforts;
  • Define, document, test and manage incident response processes; document processes and procedures in the form of playbooks and reference guides
  • Perform threat hunting in both on-premise and cloud environments
  • Evaluate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk and improve threat detection by incorporating into detection tools
  • Independently perform digital forensics on various platforms and mobile devices utilizing various forensic tools such as, but not limited to, EnCase, Autopsy, Magnet Axiom and Cellebrite;
  • Utilize and analyze results from incident response and forensic tools to assess host and network-based artifacts; analyze to determine root cause and impact
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Actively contribute to thought leadership and business development campaigns.
  • Communicate effectively at multiple levels of sensitivity, and to multiple audiences.
  • Contribute to the continued development of the Incident Response team, supporting internal development opportunities and process enhancement.
  • Sustain a high level of drive, show enthusiasm and a positive attitude when coping with pressure at work.

How do we define success for your role?

  • You demonstrate BDO’s core values through all aspects of your work: Integrity, Respect and Collaboration
  • You understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality work
  • You identify, recommend, and are focused on effective service delivery to your clients
  • You share in an inclusive and engaging work environment that develops, retains & attracts talent
  • You actively participate in the adoption of digital tools and strategies to drive an innovative workplace
  • You grow your expertise through learning and professional development.

Your experience and education

Required:

  • At a minimum, a degree in Computer Science, Information Technology, or related field;
  • 3-5 years of previous incident response or CSIRT experience;
  • Strong knowledge of technical concepts such as network and application security, access controls, IDS/IPS devices, physical security, operating system security, cryptography, malware analysis and information security risk management.
  • Strong knowledge of web protocols, common attacks, Windows/Linux/Unix tools and architecture, network protocol analysis, public key infrastructure, SSL, Active Directory, open source software, and scripting.
  • Strong awareness of recent cyber incidents, ransomware, breaches and attacker groups;
  • Thorough understanding of network protocols, data on the wire, and covert channels
  • Exposure to Endpoint Detection and Response (EDR) tools such as CrowdStrike, Carbon Black, FireEye, etc., and traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
  • Strong knowledge of common threat actor TTPs and how they relate to the stages of the MITRE ATT&CK Framework.
  • Hands-on experience with forensic software applications (e.g. EnCase, FTK, Autopsy, Magnet Axiom, Cellebrite, Wireshark, OpenVAS, Snort, Magnet IEF/Axiom) and techniques to capture electronic data from computers, external media, networks and mobile data devices.
  • Hands-on computer forensic experience such as Windows, Unix and/or Linux disk and memory forensics, host and network-based security monitoring, traffic and log analysis, and static and dynamic malware analysis in support of incident response investigations and possible litigation, with an understanding of evidence handling procedures.
  • Hands-on experience with log analysis, malware triage and binary reverse engineering.
  • Excellent research and critical and analytical thinking skills with the ability to clearly identify and define problems and develop creative solutions to address client needs.
  • Experience presenting and selling ideas to clients or other decision-makers across various audiences (technical and non-technical)

Preferred:

  • Hands-on experience with various security tools including log management, web proxies, endpoint protection platforms etc.
  • Experience in an advisory or external consulting capacity or as a corporate incident response handler
  • Experience managing senior-level client relationships
  • Strong knowledge of container technologies such as Docker
  • Strong knowledge of AWS, Azure and Google Cloud
  • Pre-sales, proposal, and RFP experience
  • Past experience working with public sector
  • Must be able to obtain and maintain required clearance for this role

Certification(s) Preferred:

One or more of the following:

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Examiner (GCFE)
  • EnCase Certified Examiner (EnCE)
  • GIAC Security Essentials Certification (GSEC)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Computer Hacking Forensic Investigator (CHFI)

About BDO

BDO Canada has spent more than 90 years providing assurance, accounting, tax, and advisory services to a broad range of clients across Canada. We represent thousands of technology clients across the country.