Job Description

As a key member of the Digital Forensics and Incident Response (DFIR) team, the Advisor plays a central role in analyzing and resolving security incidents. They will be responsible for responding promptly to cyber incidents, conducting in-depth forensic investigations, consulting with client technical teams during system recovery phases, and providing recommendations to mitigate risks and strengthen system security.
 

Main Responsabilities

Security Incidents

• Handle the detection, qualification, and management of security incidents in collaboration with SOC, IT, and business teams.
• Coordinate containment, eradication, and recovery actions to minimize damage.
• Monitor incidents in real-time using SIEM, EDR, and other advanced security solutions.

Forensic Investigations

• Conduct digital forensic investigations on workstations, servers, and networks to identify the source and modus operandi of attacks.
• Collect, analyze, and interpret digital evidence in accordance with forensic best practices.
• Document attack chains (TTPs) and produce detailed technical reports to clearly communicate findings.

Process & Tools Improvement

• Contribute to the continuous improvement of incident response procedures and playbooks.
• Evaluate and deploy specialized tools for threat detection and response (EnCase, Volatility, Autopsy, etc.).
• Collaborate with Threat Intelligence teams to integrate current threat information into DFIR processes.

Monitoring & Prepardeness

• Continuously monitor emerging threats, vulnerabilities, and attack techniques.
• Participate in incident simulation exercises (table-top, red/blue/purple team) to test response capabilities.
• Train and raise awareness among internal teams on security best practices and incident detection.

Knowledge, Qualifications & Experience

Technical Knowledge

• Excellent knowledge of operating systems (Windows, Linux, macOS).
• Excellent knowledge of traditional virtualization technologies (VmWare, Hyper-V).
• Excellent understanding of network protocols and traffic analysis principles.
• Excellent knowledge of attack techniques (MITRE ATT&CK) and response processes.
• Excellent knowledge of Active Directory environments.
• Excellent knowledge of Cloud environments (Azure, AWS, GCP, etc.).

Qualifications

• University degree in computer science or a related field.

Distinctive Assets

• Relevant certifications (e.g., GCIH, GCFA, CHFI).
• Experience in incident response, forensic analysis, or operational cybersecurity.
• Experience in network administration.

Benefits & Conditions

Benefits

• Competitive salary.
• Comprehensive group insurance plan.
• Retirement plan.
• Exceptional training programs and career development opportunities.
• Hybrid remote work.

Conditions

• Ability to work evenings and weekends occasionally.
• Bilingualism in written and spoken form (communication with our clients/partners across Canada).

Carrières OKIOK
Gestionnaire des ressources humaines
450 681-1681
carrieres@okiok.com