Senior Associate, Data & Technology, Digital Forensics & Incident Response

Ankura is a team of excellence founded on innovation and growth.

This role is situated in the Cyber, eDiscovery, and Digital Forensics teams within Ankura's Data & Technology division, which is dedicated to providing client services as one of the firm's seven key practices.

Ankura ranks among the top five fastest-growing consulting firms globally, with over 2,000 employees across more than 36 offices, serving both private and public sectors with a diverse array of services.

In 2023, Ankura expanded into Saudi Arabia, opening an office in Riyadh where we are now inviting Senior Associates to join our team on a hybrid working basis. We are looking for confident, self-motivated individuals who can independently navigate a broad range of tasks, contributing to the growth of our Middle East team.

The Cybersecurity and Privacy Practice is a fast-expanding segment of Ankura's Data and Technology offerings, helping clients tackle pressing information security issues, from incident response to risk assessment and mitigation.

The Digital Forensics and Incident Response (DFIR) team delivers comprehensive services to clients facing cyber threats, focusing on immediate containment and in-depth analysis to understand and prevent attacks.

Ankura's eDiscovery team leverages cutting-edge technology to handle vast amounts of unstructured data. Utilizing sophisticated tools, they convert emails, documents, and other content into a searchable format, enhancing the ability of investigation teams to swiftly pinpoint key information in various cases.

Role Overview
In addition to closely collaborating with the project team to gain a deep understanding of client objectives and challenges, you will take on a team lead role, managing team members, guiding their tasks, and ensuring the quality of their work. Your role will be pivotal in delivering critical project elements efficiently and to an exceptional standard, while also fostering the development of innovative and effective workflows to address client issues.

Your expanded responsibilities will encompass overseeing project scope definition, evidence collection, and technical analysis, providing mentorship and assistance to less experienced team members. You will ensure that their contributions align with project goals and maintain the highest quality standards. As part of your role, you will work within a specialized team that is shaping an advanced Digital Forensics and Incident Response (DFIR) practice for KSA and the Middle East, leveraging support from our international experts. Your role will not only drive project success but also contribute to the professional growth of the team and the continuous improvement of our DFIR, Cyber and eDiscovery capabilities.

Responsibilities

• Assist in data management processes, from identification, preservation through to analysis, in close collaboration with relevant teams for the best outcomes.

  
  

• Investigate security incidents, analysing system and network logs, as well as conducting forensic and malware analysis.

  
  

• Assess intrusion attempts by reviewing IDS alerts, firewall, network traffic, and system logs to detect unauthorized actions and data breaches.

  
  

• Perform detailed forensic analysis and develop forensic reports to support our clients in understanding events and actions taken on devices.

  
  

• Handle security investigations across various operating systems including Windows, Linux/Unix, macOS, iOS, and Android.

  
  

• Participate in creating project plans, maintaining documentation, and preparing reports to uphold the highest quality standards.

  
  

• Analyse client requirements and filter complex, unstructured datasets to minimize irrelevant data.

  
  

• Conduct quality control checks to ensure the accuracy of search results, review workflows, and data processing.

  
  

• Engage with clients, Ankura team members, and other stakeholders on a daily basis to maintain project momentum.

  
  

• Support the firm's growth by contributing to pitches, internal training development, and firm marketing activities.

  
  

Requirements

• Proficiency in analysing log evidence from various sources, including network and host intrusion systems, web application logs, proxy servers, and antivirus systems.

  
  

• Team-oriented approach to incident response, with skills in investigating and remediating malware infections and email threats like phishing.

  
  

• Solid technical knowledge and experience in managing security controls for at least two of the following operating systems: Windows, macOS, or Linux.

  
  

• A solid understanding of host-based digital forensics, such as analysing system artifacts for compromise indicators.

  
  

• Capability to construct detailed timelines of significant security events, contributing to the overall incident timeline.

  
  

• Knowledge of the threat actor landscape, including common attacker techniques, tactics, and procedures.

  
  

• Understanding of the Electronic Discovery Reference Model (EDRM) and eDiscovery platforms like Relativity, Reveal/Brainspace, Disco, Nuix, and similar tools.

  
  

• Interest or experience in cybersecurity and forensic technologies like Carbon Black, Encase, and Axiom Cyber.

  
  

• Excellent communication skills, able to articulate complex technical details to both technical and non-technical audiences.

  
  

• Keen attention to detail with strong problem-solving and analytical reasoning abilities.

  
  

• Flexibility for international travel for various client engagements.

  
  

Desired Qualifications

• Proficiency with cloud technologies, including AWS, Azure, and GCP.

  
  

• Holder of cybersecurity certifications such as SANS GCIA, GCIH, GPEN, GCFA, GNFA, GREM, CISSP, or Offensive Security OSCP/OSCE.

  
  

• Interest in public speaking on Cybersecurity and Digital Forensics and Incident Response (DFIR) topics.

  
  

• Scripting or programming skills in languages like Python, PowerShell, Bash, C#, VBA, or SQL are highly valued.

  
  

• First hand experience working across the EDRM on eDiscovery matters.

  
  

What We Offer You

• Extensive career growth opportunities supported by a structured development process, comprehensive training programs, and Ankura Academy's e-learning platform.

  
  

• Collaborate with internationally recognized experts at a leading global consultancy.

  
  

• Benefit from a flat team structure that fosters innovation, curiosity, and open communication.

  
  

• Chance to travel and participate in international projects across Ankura's global offices.

  
  

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.