Accenture logo
IR/CTI Specialist - Accenture United States Bookmark Share Print 1223 0 10

Listing Description

The IR/CTI Specialist position is a hybrid role designed to provide embedded tactical intelligence support to CIFR investigations. The ideal candidate will have previous incident response and computer forensics experience, as well as significant experience performing cyber threat intelligence work. This person will serve as a conduit between Accenture Security’s CIFR and Cyber Threat Intelligence (CTI) teams, leveraging CTI capabilities and knowledge to enhance CIFR investigations, and in turn providing data from CIFR engagements to further enrich the CTI knowledge base.  In this role, you will work side-by-side with CIFR investigators, using your expertise to help enhance and accelerate successful resolution of IR efforts for our customers.

 

Job Functions

  • Support end-to-end incident response investigations with Accenture’s customers
  • Support CIFR efforts to identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
  • Hunt for and identify threat actor groups and their techniques, tools, and processes 
  • Identify attacker tools, tactics, and procedures to develop indicators of compromise
  • Support threat hunting efforts across customer’s networks with indicators of compromise, hunting for evidence of a compromise
  • Analyze adversarial indicators of compromise (IOCs) and their respective tactics, techniques, and procedures (TTPs) to provide unique insight into current and emerging threat groups and campaigns and generate actionable intelligence.
  • Participate in the drafting and ultimate dissemination of finished tactical and operational threat intelligence products (reports, briefings, etc.). 
  • Develop and continuously tune detection signatures (e.g., YARA and Snort signatures) for both immediate client consumption and to maintain visibility into adversarial malware variants and tooling.  
  • Collect, analyze, and provide an informed assessment of technical IOCs gathered during CIFR engagements to better understand incidents and help refine detection and response efforts. 
  • Participate in drafting of comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
  • Effectively communicate and interface with customers, both technically and strategically from the executive level, to customers stakeholders and legal counsel
  • Support engagement delivery from kickoff through remediation, either on premises or remote, depending on customer requirements

 

Qualifications

Basic Qualifications

  • Minimum 2 years of experience tracking advanced persistent threats (APTs) and targeted cyber-crime threat campaigns, including but not limited to their associated TTPs and malicious tools. 
  • Minimum 2 years of comparable experience /expert knowledge of forensic file system and memory techniques and use of the most commonly used toolsets, such as EnCase and FTK Suite
  • Minimum 2 years of comparable experience/ deep technical knowledge of methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
  • Minimum 2 years of comparable experience with IDA Pro, OllyDbg, other disassemblers/debuggers
  • Minimum 2 years of comparable experience/thorough understanding of cyber security operations, security monitoring, EDR and SIEM tools, to include Endgame, Falcon, and Splunk
  • Minimum 2 years of comparable experience/detailed knowledge of Windows & Unix based operating systems and administrative tools, Windows disk and memory forensics, Unix or Linux disk and memory forensics, and Static and dynamic malware analysis

Nice Skills to Have

  • Bachelor's Degree in Computer Engineering, Computer Science, Cyber Security, Information Security or related disciplines
  • Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP
  • Network traffic and protocol analysis utilizing tools such as Wireshark
  • Applied knowledge of security controls such as authentication and identity management, security enhanced network architectures and application-based controls (including Windows, Unix, and network equipment)
  • Excellent time management, writing and communication skills
  • Strong analytic, qualitative, and quantitative reasoning skills


Listing Details

  • Salary: $0 - $200000
  • Citizenship: Us Citizen
  • Incentives: Bonus

 

  • Education: Not Provided
  • Travel: Travel 25
  • Telework: Full Telecommute



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765