Hire Direct


Job Description:

Our Cyber Investigation and Forensic Response (CIFR) practice is rapidly growing, and we are hiring mid to very senior level professionals to work with our F500 enterprise customers. With our recent acquisitions we continue to enhance our incident response, threat hunting, forensics, threat intelligence, and purple teaming capabilities.

With Accenture Security, you will be part of a specialized team to respond to some of the largest and most complex data breaches around the world, as well as conduct cyber threat hunting in some of the most complex business environments, leveraging a variety of tools and techniques. You will work in a fast-paced and highly collaborative environment along with a diverse team of talent, in support of one mission – providing expert incident response services to Accenture customers.

Who You Are

The Incident Response Cyber Threat Intelligence Specialist (IR CTI) position is a hybrid role designed to provide embedded tactical intelligence support to CIFR investigations. The ideal candidate will have previous incident response and computer forensics experience, as well as significant experience performing cyber threat intelligence work. You will serve as the conduit between Accenture Security’s CIFR and Cyber Threat Intelligence (CTI) teams, leveraging CTI capabilities and knowledge to enhance CIFR investigations, and in turn providing data from CIFR engagements to further enrich the CTI knowledge base. In this role, you will work side by side with CIFR investigators, using your expertise to help enhance and accelerate successful resolution of IR efforts for our customers.

Key Responsibilities:

Support end-to-end incident response investigations with Accenture’s customers
Support CIFR efforts to identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
Hunt for and identify threat actor groups and their techniques, tools and processes
Identify attacker tools, tactics and procedures to develop IOCs
Support threat hunting efforts across customer’s networks with indicators of compromise, hunting for evidence of a compromise
Analyze adversarial IOCs and their respective tactics, techniques and procedures (TTPs) to provide unique insight into current and emerging threat groups and campaigns, and generate actionable intelligence
Participate in the drafting and ultimate dissemination of finished tactical and operational threat intelligence products (reports, briefings, etc.)
Develop and continuously tune detection signatures (e.g., YARA and Snort signatures) for both immediate client consumption and to maintain visibility into adversarial malware variants and tooling.
Collect, analyze, and provide an informed assessment of technical IOCs gathered during CIFR engagements to better understand incidents and help refine detection and response efforts.
Participate in drafting of comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
Effectively communicate and interface with customers, both technically and strategically from the executive level to customers stakeholders and legal counsel
Support engagement delivery from kickoff through remediation, either on premises or remote, depending on customer requirements

Basic Qualifications:

Minimum 8 years of experience tracking advanced persistent threats (APTs) and targeted cyber-crime threat campaigns, including but not limited to their associated TTPs and malicious tools.

Minimum 5 years of comparable experience /expert knowledge of forensic file system and memory techniques and use of the most commonly used toolsets, such as EnCase and FTK Suite

Minimum 3 years of comparable experience/ deep technical knowledge of methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting

Minimum 3 years of comparable experience with IDA Pro, OllyDbg, other disassemblers/debuggers

Minimum 2 years of comparable experience/thorough understanding of cyber security operations, security monitoring, EDR and SIEM tools, to include Endgame, Falcon, and Splunk

Minimum 2 years of comparable experience/detailed knowledge of Windows & Unix based operating systems and administrative tools, Windows disk and memory forensics, Unix or Linux disk and memory forensics, and Static and dynamic malware analysis

Required Skills

Bachelor’s Degree in Computer Engineering, Computer Science, Cyber Security, Information Security or related disciplines

Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP

Network traffic and protocol analysis utilizing tools such as Wireshark

Applied knowledge of security controls such as authentication and identity management, security enhanced network architectures and application-based controls (including Windows, Unix, and network equipment)

Excellent time management, writing and communication skills

Strong analytic, qualitative, and quantitative reasoning skills

As required by the Colorado Equal Pay Transparency Act, Accenture provides a reasonable range of minimum compensation for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $205,500 – $248,299 and information on benefits offered is here.

Apply before Oct 15, 2022 at hr@hiredirect.com