
Senior Investigator - Digital Forensics & Incident Response

Security Consulting Team Lead/Consultant | Mid-Level | Full time
Job No. R00334285 | Toronto, Ontario

We Are:

Accenture Security is one of the fastest growing areas of our business, and our global Cyber Investigation and Forensic Response (CIFR) practice is at the heart of how we help clients prepare for, respond to, and recover from the most consequential cyber incidents. We deliver around-the-clock incident response services to our expanding portfolio of enterprise customers across the globe, providing expertise to multinational clients and shaping thought leadership inside and outside the firm.

You Are:

A hands-on technical leader who excels in complex investigations. You have deep expertise in digital forensics, incident response, and threat analysis, and you have the composure to apply it under pressure during active incidents. You are equally comfortable briefing clients in the boardroom and performing deep analysis. You take ownership of investigations, mentor the people around you, and you raise the bar on what world-class incident response looks like.

The Work:

  • Conduct complex forensic analysis including advanced memory forensics, malware triage, encrypted artifact recovery, and anti-forensics detection
  • Perform host and network digital forensics, log analysis, and threat hunting in support of incident response investigations
  • Leverage EDR solutions, cloud platforms (AWS, Azure, GCP), and threat intelligence to identify attacker Tactics, Techniques and Procedures (TTPs)
  • Conduct incident response within various Cloud, OT, and traditional enterprise environments
  • Develop indicators of compromise and contribute to comprehensive attack timelines
  • Create automation tools and scripts that improve team efficiency and investigation capabilities
  • Mentor and train 2-4 investigators across multiple cases, building team capability
  • Provide quality assurance on investigator findings before Primary Investigator review
  • Lead medium to large workstreams (20-50+ systems) with minimal oversight
  • Support Primary Investigators with technical decision-making and investigation strategy
  • Translate strategic investigation direction into tactical tasks for team execution
  • Communicate effectively, both technically and strategically, with customer stakeholders and legal counsel throughout the engagement lifecycle
  • Author comprehensive written client reports on investigative findings with defensible conclusions
  • Present technical findings in client calls when appropriate
  • Support Accenture leadership in properly scoping engagements with innovative methodical approaches

Travel may be required for this role. The amount of travel will vary depending on business need and client requirements.

Here's What You Need:

·       Bachelor's degree or equivalent work experience

·       Minimum 4-6 years of DFIR experience with demonstrated expertise in complex investigations

·       Ability to obtain federal government security clearances as required by client engagements

·       Strong knowledge of enterprise incident response, digital forensics and cyber incident investigation processes

·       Expert-level familiarity with common DFIR toolsets (Volatility, X-Ways, FTK, EnCase, Autopsy, etc.)

·       Deep DFIR knowledge of Microsoft Windows, GNU/Linux and MacOS operating systems

·       Advanced experience with memory forensics and malware analysis

·       Proven ability to derive attacker TTPs and develop indicators of compromise

·       Experience leading investigation workstreams and mentoring junior team members

·       Strong understanding of enterprise environments, Active Directory, and common attack patterns

·       Excellent project management, analytical, and client-facing communication skills

·       Ability to solve complex forensic challenges that require advanced techniques

·       Experience with threat hunting on both endpoint and network

·       Proven track record of producing accurate, defensible, well-documented analysis

·       Knowledge of eradication techniques, monitoring improvements, and protection capabilities

·       Ability to develop and implement dynamic remediation plans in conjunction with incident response engagements

Bonus Points If:

·       You have experience with Cloud environments (AWS, Azure, GCP) and cloud-native forensics

·       You have experience with OT and ICS environments

·       You have proficiency in scripting and programming languages (Python, PowerShell, Bash)

·       You have experience with reverse engineering and sandboxing technologies

·       You have advanced malware analysis capabilities (unpacking, deobfuscation, behavior analysis)

·       You have made contributions to open-source DFIR tools or methodologies

·       You have active participation in the security community (conferences, publications, training development)

·       You hold security certifications such as GCFA, GCFE, GREM, GCIH, CEH, or similar

·       You hold advanced certifications (SANS 500-level, OSCP, OSCE)

Compensation at Accenture varies depending on a wide array of factors, which may include but are not limited to the specific office location,
role, skill set, and level of experience. As required by local law, Accenture provides a reasonable range of compensation, based on full-time
employment, for roles that may be hired as set forth below.


The recruiting efforts for this position are intended to fill a brand new position.
The base pay range shown below is intended as a guideline to reflect the majority of offers for this role. It does not represent a maximum limit — in some cases, actual compensation may exceed the range where appropriate.

Information on benefits is here:

Role Location                                    Annual Salary Range

British Columbia/Ontario                $75,400 to $125,400

Toronto, Ontario

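Equal Employment Opportunity Statement

All employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other factor protected by federal, state, or local law.

Job candidates are not obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

Accenture is committed to providing veteran employment opportunities to our service men and women.

Please read Accenture's Recruiting and Hiring Statement for more information on how we process your data during the recruiting and hiring process.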

We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.

We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.

At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.

Join Accenture to work at the heart of change. Visit us at www.accenture.com.
