Digital Forensics and Incident Response (DFIR) Consultant

We are seeking a highly skilled and motivated Cyber DFIR Analyst to join our growing cybersecurity team. In this role, you will lead and support digital forensics and incident response (DFIR) activities across CGI's customer base. You will investigate security incidents, analyze threats, identify root causes, and provide remediation strategies to mitigate risk. This is a hands-on technical role requiring deep expertise in threat hunting, forensic analysis, and response coordination.

Location: open to locations within proximity to a CGI office
Security Clearance: Must have or be eligible to obtain Reliability Clearance

Key Responsibilities:
Incident Response: Detect, analyze, and respond to cybersecurity incidents using industry-standard tools and methodologies.
Forensics Investigations: Collect, preserve, and analyze digital evidence from systems, networks, and endpoints.
Threat Hunting: Proactively search for indicators of compromise (IOCs) and advanced persistent threats (APTs) within enterprise environments.
Malware Analysis: Perform static and dynamic analysis of malware artifacts to understand behaviors and impact.
Log Analysis: Analyze logs from various systems (e.g., SIEMs, EDRs, firewalls, proxies) to reconstruct attack timelines and identify unauthorized activity.
Root Cause Analysis: Identify the entry point, method, and impact of cyber intrusions.
Reporting: Create detailed forensic and incident reports for both technical and non-technical audiences, including executive summaries.
Collaboration: Work with SOC analysts, IT teams, and legal/compliance departments during investigations and post-incident reviews.
Continuous Improvement: Contribute to the development of DFIR playbooks, runbooks, and procedures to improve response readiness.

Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience)
Security Clearance: Must have or be eligible to obtain Reliability Clearance
3+ years of experience in digital forensics and/or incident response
Strong understanding of cyber threats, attack vectors, and MITRE ATT&CK framework
Hands-on experience with DFIR tools such as EnCase, FTK, Volatility, X-Ways, Velociraptor, etc.
Proficient in analyzing Windows, Linux, and macOS systems
Experience with SIEMs (e.g., Splunk, QRadar), EDRs (e.g., CrowdStrike, SentinelOne), and packet analysis tools (Wireshark)
Excellent communication, documentation, and analytical skills
Preferred:
Relevant certifications such as GCFA, GNFA, GCIH, CHFI, or CISSP
Experience with scripting (Python, PowerShell, Bash) for automation and data parsing
Knowledge of cloud platforms (AWS, Azure, GCP) and associated security tooling
Familiarity with legal chain-of-custody and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS)

#LI-AB19

• Firewalls
• GIAC Cert Forensic Analyst
• Linux
• Splunk
• Wireshark
• GIAC Cert Incident Handler
• Python

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Come join our team-one of the largest IT and business consulting services firms in the world.