Cyber Forensic Specialist
Accenture Federal Services · Arlington, VA · 3 wk ago
Information Technology$70k–$153k/yrFull-time
The Role
We are seeking a skilled and detail-oriented Cyber Forensic Specialist to join our Digital Forensics and Incident Response (DFIR) team. This role is critical in supporting the organization's Cyber Incident Response Team (CIRT) by providing expert-level digital forensic and investigative support. Additionally, the position involves working closely with cross-functional teams, including Human Resources, Legal, and Insider Threat, to conduct sensitive internal investigations related to policy adherence and organizational concerns.
Work
- DFIR Support:
- Collaborate with the Cyber Incident Response Team (CIRT) to investigate and respond to cybersecurity incidents, including malware infections, unauthorized access, data breaches, and advanced persistent threats (APTs).
- Perform digital forensic analysis on devices such as laptops, desktops, servers, mobile devices, and network logs to identify the root cause and scope of incidents.
- Provide recommendations on containment, remediation, and recovery activities.
- Investigative Support:
- Conduct internal investigations in collaboration with HR, Legal, and Insider Threat teams related to:
- Potential risks to organizational assets and operations.
- Inquiries requiring the collection and analysis of electronic evidence.
- Other internal matters involving digital investigations.
- Analyze electronic communications, file systems, and digital artifacts to uncover evidence.
- Prepare detailed, well-documented reports and findings to support decision-making and potential actions.
- Litigation Holds and eDiscovery:
- Partner with the Legal team to ensure the timely and accurate implementation of litigation holds, including identifying, preserving, and collecting electronically stored information (ESI).
- Perform eDiscovery-related data captures, including on-premises and cloud-based systems, in alignment with legal and regulatory requirements.
- Maintain thorough documentation of all eDiscovery activities for legal proceedings and audits.
- Evidence Intake and Management:
- Serve as the central point for evidence intake, ensuring proper chain of custody and documentation for all collected digital evidence.
- Maintain and enforce evidence management protocols, including secure storage, tagging, and tracking for litigation holds and legal proceedings.
- Ensure compliance with data retention and destruction policies.
- Process Optimization and Tooling:
- Leverage forensic tools (e.g., EnCase, FTK, X-Ways, Magnet Axiom) to analyze and process evidence efficiently.
- Continuously improve and document forensic methodologies, workflows, and playbooks.
- Stay up to date with emerging forensic techniques, tools, and industry best practices.
- Collaboration and Training:
- Provide guidance and training to the CIRT and other internal teams on forensic processes and evidence handling.
- Collaborate with outside counsel or external third-party forensic services, when required.
- US Citizenship required.
- 3-5 years of experience in information security, or other equivalent combination of education or equivalent work experience.
- 3 + years of experience with performing digital forensics on physical and cloud systems.
- 2+ years of experience performing event and log analysis including one or more of the following: Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Data loss prevention tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions.
- 1+ years of experience investigating, containing, eradicating, and preventing current and future compromises i.e., implementing or requesting an IP/domain/URL block, file hash block, email purge, software removal, device reimage, etc.
- 1+ years of experience with collecting, processing, reviewing, and producing Electronically Stored Information (ESI) to legal teams.
- Work independently to deliver prompt solutions without direct supervision.
- Excellent written and oral communication skills, attention to detail, and interpersonal skills.
- Experience presenting complex technical information to decision makers and leading them through the decision-making process.
- Experience with digital forensic imaging (FTK, Cellebrite, Paladin, etc.) and analysis tools (EnCase, Autopsy, Nuix, etc.).
- Experience with evidence preservation and chain of custody.
- Experience with TCP/IP, common application layer protocols, and packet analysis of the same.
- Experience performing static and dynamic malware analysis.
- Experience with indicators of attack and compromise.
- Experience with basic data parsing and analysis tools, i.e., Excel, grep, sed, awk, regex, etc.
- Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software packages.
- Familiarity with detection design & engineering concepts to tune detections.
- Familiarity with Windows / Linux architecture and endpoint analysis of the same.
- Familiarity with the Electronic Discovery Reference Model (EDRM) for ESI discovery, preservation, and production.
- DFIR related certifications including but not limited to: SANS (GCED, GCLD, GCIH, GCFE,GCFA,GREM),CFCE,EnCE.
- Knowledge of scripting languages (e.g., Python, PowerShell) to automate forensic tasks.
- Experience with eDiscovery toolsets such as: Microsoft Purview eDiscovery (Standard/Premium) and Nuix.
What You Need
Bonus If You Have
Pay Range
$69,900 - $153,000 USD
Apply for this job
* indicates a required field