Accenture Cyber Incident Response Associate Manager - Location Negotiable in Birmingham, Alabama

The Cyber Investigation and Forensics Response (CIFR) team is an elite cyber security consulting organization within Accenture Security, specializing in adversary simulation, red teaming, cyber defense consulting, incident response and threat hunting.

Our CIFR practice is rapidly growing, and we are hiring mid to very senior level incident response and threat hunting professionals to work with our F500 enterprise customers. With our recent acquisitions we continue to enhance our incident response, threat hunting, forensics, threat intelligence, and red teaming capabilities.

At CIFR, you will be part of a specialized team to respond to some of the largest and most complex data breaches around the world, as well as conduct proactive cyber threat hunting in some of the most complex corporate environments, leveraging a variety of tools and techniques. You will work in a fast paced and highly collaborative environment.

Job Description:

  • Manage end-to-end incident response investigations with Accenture’s customers

  • Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources

  • Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations

  • Conduct Threat Hunting across customer’s networks with indicators of compromise, hunting for evidence of a compromise

  • Conduct incident response within various Cloud platforms

  • Identify attacker tools, tactics, and procedures to develop indicators of compromise

  • Develop and implement mitigation and remediation plans in conjunction with incident response

  • Form and articulate expert opinions based on findings

  • Produce comprehensive and accurate oral and written reports and presentations for both technical and executive audiences

  • Effectively communicate and interface with client, both technically and strategically from the executive level, to client stakeholders and legal counsel

  • Support leadership in properly scoping engagements with innovative methodical approaches, based on client requirements

  • Participating in engagements from kickoff through remediation, either on premises or remote, depending on client requirements

  • Collaborate well with a highly experienced and diverse team of talent, in support of one mission – providing expert incident response services to Accenture clients

  • On-site, client travel will be required for this position, with the requirement to travel up to 50%

Basic Qualifications:

  • Expert knowledge of forensic file system and memory techniques and use of the most commonly used toolsets, such as EnCase and FTK Suite

  • Deep technical knowledge of methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis and evidentiary reporting

  • Experience with IDA Pro, OllyDbg, other disassemblers/debuggers

  • Thorough understanding of cyber security operations, security monitoring, EDR and SIEM tools, to include Endgame and Splunk

  • Detailed knowledge of Windows & Unix based operating systems and administrative tools

  • Windows disk and memory forensics

  • Unix or Linux disk and memory forensics

  • Static and dynamic malware analysis

  • Network traffic and protocol analysis utilizing tools such as Wireshark

  • Strong knowledge of incident response, forensics and investigation processes

  • Applied knowledge of security controls such as authentication and identity management, security enhanced network architectures and application-based controls (including Windows, Unix, and network equipment)

  • Excellent time management, writing and communication skills

  • Strong analytic, qualitative, and quantitative reasoning skills

  • Minimum 3 years of comparable experience

  • Relevant industry certifications valuable

  • Experience in responding to security incidents involving Amazon Web Services, Google Cloud Platform, Azure, or hybrid network architectures

  • Experience in Office 365 investigations including Business Email Compromises and banking fraud

    Preferred Qualifications:

  • Bachelor's Degree or relevant investigative experience

  • Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP

Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States and with Accenture (i.e., H1-B visa, F-1 visa (OPT), TN visa or any other non-immigrant status).

Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.

Accenture is a federal contractor and an EEO and Affirmative Action Employer of Females/Minorities/Veterans/Individuals with Disabilities.

Equal Employment Opportunity

All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Accenture is committed to providing veteran employment opportunities to our service men and women.