Digital Forensics Analyst

Closing Date: July 3 2025 at 4:00 PM

CANADIAN INSTITUTE FOR CYBERSECURITY

The Cyber Attribution Data Center (CADC) and established initiative at the Canadian Institute of Cybersecurity located at the University of New Brunswick is designed to be a national leader in cyber threat attribution. The centers core mission is to identify malicious cyber actors by gathering data from diverse sources and employing advanced cyber attribution intelligence analytics. In addition the CADC is dedicated to training and equipping the next generation of artificial intelligence cybersecurity specialists. The multidisciplinary unit leverages expertise from social sciences business computer science engineering law and science fostering innovation and collaboration to address the evolving challenges of cybersecurity. The CADC will work closely with industry and government to make Canada and Canadians safer online.

WHAT WE OFFER

Full-time 3-YearTerm Fredericton Location On-Campus

UNB is committed to ensuring employees can maintain a healthy work-life balance.

Standard Work Hours: Mon - Fri 7:45 am - 4:00 pm 36.25 hours per week (Summer Hours)

Salary Range: $57669 - $74968 per annum *As of July 1st

YOUR FOCUS

Reporting to Deputy Director the Digital Forensics Analyst leads digital forensic investigations across endpoint and cloud environments uncovering attack vectors and malicious activity to strengthen the departments cyber threat detection and response capabilities. It also supports cross-institute integration of forensic insights and mentors junior staff in investigation techniques.

• Lead forensic analysis on compromised Windows Linux and macOS systems to identify attack vectors.
• Manage memory forensics and file system analysis to extract evidence from volatile and non-volatile storage.
• Identify and document indicators of compromise (IOCs) related to malware infections and unauthorized access.
• Investigate malicious binaries and scripts to understand their functionality and impact.
• Mentor software developers and analysts in forensic methodologies.
• Analyse network traffic logs packet captures (PCAPs) and firewall events to identify malicious activity.
• Correlate data from IDS/IPS firewalls and EDR platforms to detect and track adversary movement.
• Investigate lateral movement data exfiltration attempts and command-and-control (C2) communications.
• Ensure forensic findings and analysis are integrated across the institute.
• Conduct forensic investigations in cloud environments such as Azure AWS and GCP.
• Use cloud-native security tools and logs (e.g. AWS CloudTrail Azure Security Centre) to detect unauthorized access and malicious activities.
• Ensure cloud-based forensic research and analysis are integrated across the institute.
• Use SIEM platforms (e.g. Splunk QRadar Azure Sentinel) to extract security logs and analyse system events.
• Develop and run correlation queries to identify attack vectors and track adversary activity.
• Integrate SIEM findings with forensic investigations to provide comprehensive threat intelligence.
• Document forensic findings in detailed technical reports.
• Contribute to internal training and knowledge-sharing initiatives on forensic investigations.

WHAT YOU BRING

• Bachelors degree in Cybersecurity Information Security Computer Science or a related field.
• Experience with conducting digital forensic analyses using commercial and open-source forensic tools including file system forensics memory analysis and network analysis.

Additional Strengths:

• Digital forensics/incident response training and/or certifications including SANS GIAC (GCIA GCFA GCFE GNFA GCCC and/or GREM) IACIS (CFCE or CIFR) and/or Guidance Software (EnCE) are considered strong assets.
• Proficiency in platforms like Splunk QRadar Azure Sentinel CrowdStrike and MS Defender for Endpoint.
• Understanding of proper evidence handling procedures and chain-of-custody.
• Proficiency in Python PowerShell and other scripting languages for forensic analysis.
• Familiarity with security features in Azure AWS or GCP including forensic investigations in cloud environments.
• Strong understanding of computer operating systems software network and hardware.
• Knowledge of NIST MITRE ATT&CK SANS Top 20 and OWASP Top 10 best practices.
• Analytical and problem-solving skills.