Job Details
Accenture
Principal Incident Response Investigator - Location Negotiable
Our Cyber Investigation and Forensic Response (CIFR) practice is rapidly growing, and we are hiring mid to very senior level incident response and threat hunting professionals to work with our F500 enterprise customers. With our recent acquisitions we continue to enhance our incident response, threat hunting, forensics, threat intelligence, and purple teaming capabilities.
With Accenture Security, you will be part of a specialized team to respond to some of the largest and most complex data breaches around the world, as well as conduct cyber threat hunting in some of the most complex business environments, leveraging a variety of tools and techniques. You will work in a fast paced and highly collaborative environment along with a diverse team of talent, in support of one mission – providing expert incident response services to Accenture customers
Job Functions
Lead end-to-end incident response investigations with Accenture’s customers
Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
Conduct threat hunting across customer’s networks with indicators of compromise, hunting for evidence of a compromise
Conduct incident response within various Cloud platforms
Identify attacker tools, tactics, and procedures to develop indicators of compromise
Develop and implement remediation plans in conjunction with incident response
Form and articulate expert opinions based on findings and analysis
Produce comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
Effectively communicate and interface with customers, both technically and strategically, from the executive level to customers, stakeholders, and legal counsel
Support leadership in properly scoping engagements with innovative methodical approaches, based on customer requirements
Lead engagement delivery from kickoff through remediation, either on premises or remote, depending on the customer requirements
On-site, customer travel will be required for this position, with the requirement to travel up to 50%
Qualifications
Required Skills
3+ years’ experience working with forensic file system and memory techniques, and the use of the most used toolsets, such as EnCase and FTK Suite
3+ years’ experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
1+ years’ experience working with IDA Pro, OllyDbg, and other disassemblers/debuggers
3+ years’ experience with Windows and Unix based operating systems and administrative tools
1+ years’ experience with Windows disk and memory forensics
1+ years’ experience with Unix or Linux disk and memory forensics
6+ months experience with Static or Dynamic malware analysis
6+ months experience monitoring network traffic and protocol analysis using tools such as Wireshark
Nice to Have
Thorough understanding of cyber security operations, security monitoring, EDR and SIEM tools, to include Endgame, Falcon and Splunk
Applied knowledge of security controls such as authentication and identity management, security enhanced network architectures and application-based controls (including Windows, Unix, and network equipment)
Excellent time management, writing and communication skills
Strong analytic, qualitative, and quantitative reasoning skills
Bachelor’s Degree in Computer Engineering, Computer Science, Cyber Security, Information Security, or related disciplines
Security certifications: CISSP, SANS, GIAC (GREM, GCFA, GCIH), OSCP
Minimum 5 years of comparable experience
As required by Colorado law under the Equal Pay for Equal Work Act, Accenture provides a reasonable range of compensation for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $119,880 - $227600 and [Register to View]
Equal Employment Opportunity Statement
Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Accenture is committed to providing veteran employment opportunities to our service men and women.
For details, view a copy of the [Register to View] .
Requesting An Accommodation
Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 [Register to View] , send us an [Register to View] or speak with your recruiter.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.