Accenture Cyber Incident Response Associate Manager - Location Negotiable in Birmingham, Alabama
The Cyber Investigation and Forensics Response (CIFR) team is an elite cyber security consulting organization within Accenture Security, specializing in adversary simulation, red teaming, cyber defense consulting, incident response and threat hunting.
Our CIFR practice is rapidly growing, and we are hiring mid to very senior level incident response and threat hunting professionals to work with our F500 enterprise customers. With our recent acquisitions we continue to enhance our incident response, threat hunting, forensics, threat intelligence, and red teaming capabilities.
At CIFR, you will be part of a specialized team to respond to some of the largest and most complex data breaches around the world, as well as conduct proactive cyber threat hunting in some of the most complex corporate environments, leveraging a variety of tools and techniques. You will work in a fast paced and highly collaborative environment.
Manage end-to-end incident response investigations with Accenture’s customers
Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
Conduct threat hunting across customer networks with indicators of compromise, hunting for evidence of a compromise
Conduct incident response within various Cloud platforms
Identify attacker tools, tactics, and procedures to develop indicators of compromise
Develop and implement mitigation and remediation plans in conjunction with incident response
Form and articulate expert opinions based on findings
Produce comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
Effectively communicate and interface with clients, both technically and strategically, from the executive level to client stakeholders and legal counsel
Support leadership in properly scoping engagements with innovative methodical approaches, based on client requirements
Participate in engagements from kickoff through remediation, either on premises or remote, depending on client requirements
Collaborate well with a highly experienced and diverse team of talent, in support of one mission – providing expert incident response services to Accenture clients
On-site client travel will be required for this position, with the requirement to travel up to 50%
Expert knowledge of forensic file system and memory techniques and use of the most commonly used toolsets, such as EnCase and FTK Suite
Deep technical knowledge of methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis and evidentiary reporting
Experience with IDA Pro, OllyDbg, other disassemblers/debuggers
Thorough understanding of cyber security operations, security monitoring, EDR and SIEM tools, to include Endgame and Splunk
Detailed knowledge of Windows & Unix based operating systems and administrative tools
Windows disk and memory forensics
Unix or Linux disk and memory forensics
Static and dynamic malware analysis
Network traffic and protocol analysis utilizing tools such as Wireshark
Strong knowledge of incident response, forensics and investigation processes
Applied knowledge of security controls such as authentication and identity management, security enhanced network architectures and application-based controls (including Windows, Unix, and network equipment)
Excellent time management, writing and communication skills
Strong analytic, qualitative, and quantitative reasoning skills
Minimum 3 years of comparable experience
Relevant industry certifications valuable
Experience in responding to security incidents involving Amazon Web Services, Google Cloud Platform, Azure, or hybrid network architectures
Experience in Office 365 investigations including Business Email Compromises and banking fraud
Bachelor's Degree or relevant investigative experience
Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States and with Accenture (i.e., H1-B visa, F-1 visa (OPT), TN visa or any other non-immigrant status).
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Accenture is a federal contractor and an EEO and Affirmative Action Employer of Females/Minorities/Veterans/Individuals with Disabilities.
Equal Employment Opportunity
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Accenture is committed to providing veteran employment opportunities to our service men and women.