Jobs · Management · Illinois

Senior Investigator Digital Forensics, Incident Response (DFIR)

Accenture · Chicago, IL · 3 wk ago
HybridManagement$70k–$206k/yrFull-time

About the role

We Are: Accenture Security is one of the fastest growing areas of our business, and our global Cyber Investigation and Forensic Response (CIFR) practice is at the heart of how we help clients prepare for, respond to, and recover from the most consequential cyber incidents. We deliver around-the-clock incident response services to our expanding portfolio of enterprise customers across the globe, providing expertise to multinational clients and shaping thought leadership inside and outside the firm.

Responsibilities

  • Conduct complex forensic analysis including advanced memory forensics, malware triage, encrypted artifact recovery, and anti-forensics detection
  • Perform host and network digital forensics, log analysis, and threat hunting in support of incident response investigations
  • Leverage EDR solutions, cloud platforms (AWS, Azure, GCP), and threat intelligence to identify attacker Tactics, Techniques and Procedures (TTPs)
  • Conduct incident response within various Cloud, OT, and traditional enterprise environments
  • Develop indicators of compromise and contribute to comprehensive attack timelines
  • Create automation tools and scripts that improve team efficiency and investigation capabilities
  • Mentor and train 2-4 investigators across multiple cases, building team capability
  • Lead medium to large workstreams (20-50+ systems) with minimal oversight
  • Support Primary Investigators with technical decision-making and investigation strategy
  • Translate strategic investigation direction into tactical tasks for team execution
  • Effectively communicate and interface with customers, both technically and strategically, to customer stakeholders and legal counsel throughout the engagement lifecycle
  • Author comprehensively written client reports on investigative findings with defensible conclusions
  • Present technical findings in client calls when appropriate
  • Support Accenture leadership in properly scoping engagements with innovative methodical approaches

Requirements

  • Bachelor's degree or equivalent (minimum 12 years) work experience. (If Associate’s Degree, must have minimum 6 years work experience)
  • Minimum 4 years of Digital Forensics, Incident Response (DFIR) experience with demonstrated expertise in complex investigations
  • Ability to obtain US security clearances as required by client engagement
  • Minimum of 3 years of demonstrated experience in: Enterprise incident response, digital forensics and cyber incident investigation processes
  • Common DFIR toolsets (Volatility, X-Ways, FTK, EnCase, Autopsy, etc.)
  • Microsoft Windows, GNU/Linux and MacOS operating systems
  • Memory forensics and malware analysis
  • Developing indicators of compromise and deriving attacker TTPs
  • Leading investigation workstreams and mentoring junior team members
  • Enterprise environments, Active Directory, and common attack patterns
  • Project management, analytical, and client-facing communication skills
  • Solving complex forensic challenges that require advanced techniques
  • Threat hunting on both endpoints and networks
  • Producing accurate, defensible, well-documented analysis
  • Eradication techniques, monitoring improvements, and protection capabilities
  • Developing and implementing dynamic remediation plans in conjunction with incident response engagements

Qualifications

  • Experience with Cloud environments (AWS, Azure, GCP) and cloud-native forensics
  • Experience with OT and ICS environments
  • Proficiency in scripting and programming languages (Python, PowerShell, Bash)
  • Experience with reverse engineering and sandboxing technologies
  • Advanced malware analysis capabilities (unpacking, deobfuscation, behavior analysis)
  • Contributions to open-source DFIR tools or methodologies
  • Active participation in the security community (conferences, publications, training development)
  • Security certifications such as GCFA, GCFE, GREM, GCIH, CEH, or similar
  • Advanced certifications (SANS 500-level, OSCP, OSCE)

Skills

  • Hands-on technical leadership
  • Deep expertise in Digital Forensics, Incident Response, and threat analysis
  • Composure under pressure during active incidents
  • Strong project management and analytical skills
  • Effective client communication
  • Team mentoring and capability building
  • Leadership in investigation workstreams
  • Technical decision-making and strategy development
  • Client reporting and presentation skills
  • Scoping engagements with innovative methods

Benefits

Here's What You Need: Bachelor's degree or equivalent (minimum 12 years) work experience. (If Associate’s Degree, must have minimum 6 years work experience) Minimum 4 years of Digital Forensics, Incident Response (DFIR) experience with demonstrated expertise in complex investigations Ability to obtain US security clearances as required by client engagement Minimum of 3 years of demonstrated experience in: Enterprise incident response, digital forensics and cyber incident investigation processes Common DFIR toolsets (Volatility, X-Ways, FTK, EnCase, Autopsy, etc.) Microsoft Windows, GNU/Linux and MacOS operating systems Memory forensics and malware analysis Developing indicators of compromise and deriving attacker TTPs Leading investigation workstreams and mentoring junior team members Enterprise environments, Active Directory, and common attack patterns Project management, analytical, and client-facing communication skills Solving complex forensic challenges that require advanced techniques Threat hunting on both endpoints and networks Producing accurate, defensible, well-documented analysis Eradication techniques, monitoring improvements, and protection capabilities Developing and implementing dynamic remediation plans in conjunction with incident response engagements Bonus Points If: You have experience with Cloud environments (AWS, Azure, GCP) and cloud-native forensics You have experience with OT and ICS environments You have proficiency in scripting and programming languages (Python, PowerShell, Bash) You have experience with reverse engineering and sandboxing technologies You have advanced malware analysis capabilities (unpacking, deobfuscation, behavior analysis) You have made contributions to open-source DFIR tools or methodologies You have active participation in the security community (conferences, publications, training development) You hold security certifications such as GCFA, GCFE, GREM, GCIH, CEH, or similar You hold advanced certifications (SANS 500-level, OSCP, OSCE)

Pay

Compensation at Accenture varies depending on a wide array of factors, which may include but are not limited to the specific office location, role, skill set, and level of experience. As required by local law, Accenture provides a reasonable range of compensation for roles that may be hired as set forth below.

Schedule

The amount of travel will vary from 0 to 100% depending on business need and client requirements.

Similar jobs