TO34 Incident Response and Forensics Lead

At Accenture Federal Services, nothing matters more than helping the US federal government make the nation stronger and safer and life better for people. Our 13,000+ people are united in a shared purpose to pursue the limitless potential of technology and ingenuity for clients across defense, national security, public safety, civilian, and military health organizations.   Join Accenture Federal Services to do the work you love in an inclusive, collaborative, and caring community, where you can be empowered to grow, learn and thrive through hands-on experience, certifications, industry training and more.   Join us to drive positive, lasting change that moves missions and the government forward!  

We are:

Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, VA, San Antonio, TX, and St. Louis, MO. Accenture's federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.

We believe that great outcomes are everything. It’s what drives us to turn bold ideas into breakthrough solutions. By combining digital technologies with what works across the world’s leading businesses, we use agile approaches to help clients solve their toughest problems fast—the first time. So, you can deliver what matters most.

Count on us to help you embrace new ways of working, building for change and put customers at the core. A wholly owned subsidiary of Accenture, we bring over 30 years of experience serving the federal government, including every cabinet-level department. Our 9,000 dedicated colleagues and change makers work with our clients at the heart of the nation’s priorities in defense, intel, public safety, health and civilian to help you make a difference for the people you employ, serve and protect.

 

The Work:

This is a hands-on role, responsible for managing a team and performing investigations, analysis, and responses to cyber incidents. This person must be able to work on-site. This role provides technical support in areas of cyber security to include cloud security, endpoint security, access management, secure networking, and incident response. Responsibilities include but are not limited to: Manage day to day operations of the team. Perform briefings, direct coordination with the customer, develop responses to incidents to upper Federal Leadership. Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Coordinate incident response functions.  Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response.

 Here's what you need:

• 7+ years of relevant Cybersecurity work experience.
• Experience with NIST compliance.
• Experience in intrusion detection methodologies and techniques for detecting host and network-based intrusions, cyber defense and information security policies, procedures, and regulations.
• Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters), performing damage assessments, securing network communications, and using security event correlation tools.
• Experience with incident categories, incident responses, and timelines for responses and handling methodologies.
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored) and of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of malware analysis concepts and methodologies and skills to identify, capture, contain and report malware.
• Knowledge of cloud service models and how those models can limit incident response.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of system administration, network, and operating system hardening techniques.
• Experience recognizing and categorizing system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Excellent written and verbal skills.

Bonus points if you have:

• At least one current recognized security professional certification
• Experience with EnCase Enterprise toolsets
• Experience with CrowdStrike or similar endpoint detection & response tools
• Experience with Cellebrite UFED toolsets
• Experience with cloud service providers, such as Microsoft AWS and Azure
• Experience with cloud containers

US Citizens with TS clearance required.

 

As required by local law, Accenture Federal Services provides reasonable ranges of compensation for hired roles based on labor costs in the states of California, Colorado, Hawaii, New York, Washington, and the District of Columbia. The base pay range for this position in these locations is shown below. Compensation for roles at Accenture Federal Services varies depending on a wide array of factors, including but not limited to office location, role, skill set and level of experience. Accenture Federal Services offers a wide variety of benefits. You can find more information on benefits here. We accept applications on an on-going basis and there is no fixed deadline to apply.

 

The pay range for the states of California, Colorado, Hawaii, New York, Washington, and the District of Columbia is:$97,300—$234,900 USD  What We Believe  We have an unwavering commitment to diversity with the aim that every one of our people has a full sense of belonging within our organization. As a business imperative, every person at Accenture Federal Services has the responsibility to create and sustain an inclusive environment.   Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and more creative, which helps us better serve our clients and our communities. Read more here   Equal Employment Opportunity Statement Accenture Federal Services is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.    All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.   Accenture is committed to providing veteran employment opportunities to our service men and women.    For details, view a copy of the Accenture Equal Opportunity and Affirmative Action Policy Statement.   Requesting An Accommodation  Accenture Federal Services is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture Federal Services and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.   If you are being considered for employment opportunities with Accenture Federal Services and need an accommodation for a disability or religious observance during the interview process or for the job you are interviewing for, please speak with your recruiter.   Other Employment Statements  Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.   Candidates who are currently employed by a client of Accenture Federal Services or an affiliated Accenture business may not be eligible for consideration.   Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.   The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.