Digital Forensics and Incident Response Analyst

Mandaluyong City Job No. r00166542

Job Description

Job Title: Digital Forensics and Incident Response Analyst

A DFIR Analyst is a highly skilled member of the ATCP Security Crisis and Incident Response (C&IR) Team, entrusted with the crucial responsibility of responding to, investigating, and mitigating cybersecurity incidents, as well as conducting digital forensics examinations to collect, examine, and analyze critical digital evidence.

Responsibilities:

  • Minimum of 5 years Digital Forensics and Incident Response relevant experience

  • Perform incident response to cybersecurity incidents, including but not limited to APT and nation-state attacks, ransomware infections and malware outbreaks, insider threats, BEC, DDoS, security and data breaches, etc.

  • Conduct in-depth investigations of cybersecurity incidents, identifying the root cause, the extent of the impact, and recommended actions for containment, eradication, and recovery, and provide a final report with recommendations on how to prevent the same attack in the future by strengthening the security posture.

  • Collaborate with cross-functional teams to gather information, coordinate incident response efforts, and communicate findings to relevant stakeholders, including management and legal teams.

  • Perform digital forensics examinations on various digital devices (workstations, servers, mobile devices, etc.) to collect, analyze, and preserve evidence related to security incidents or policy violations.

  • Develop and update the incident response plan, playbooks, processes, and process documentation to ensure standardized incident response procedures.

  • Participate in threat hunting activities, proactively seeking out and identifying potential security threats and weaknesses.

  • Assist in implementing and fine-tuning security tools and technologies to enhance threat detection and incident response capabilities.

  • Conduct training sessions and workshops to educate employees on cybersecurity best practices and incident response procedures.

Qualifications

Requirements:

  • Strong Incident Response Knowledge: Well-versed in incident response life cycle. Capable of conducting thorough investigations, analyzing collected data, and determining the scope, impact, and root cause of security incidents. Skilled at collaborating with incident response teams to provide timely remediation recommendations.

  • Familiarity with MITRE ATT&CK Framework: Knowledgeable about the MITRE ATT&CK framework, including its various tactics, techniques, and procedures (TTPs). Able to leverage the framework to identify and categorize adversary behaviors and map them to relevant security controls.

  • Expertise in Digital Forensics: Proficient in conducting digital forensics investigations on both host systems (on-prem and cloud) and network infrastructures. Skilled at analyzing digital evidence, performing memory, disk, and network forensics, and extracting relevant artifacts to understand the nature of security incidents.

  • Strong Understanding of Networking, Operating Systems, and Security Fundamentals: Possess a solid foundation in networking protocols, operating systems (Windows and Linux), and core security concepts. Understand how different components interact within an IT environment and their potential security implications.

  • Competent in Static and Dynamic Malware Analysis: Capable of analyzing malicious software (malware) using both static and dynamic analysis techniques. Able to analyze malware samples to understand their functionalities, persistence mechanisms, and potential impact on systems.

  • Knowledge of Various Security Technologies: Well-versed in different security technologies such as SIEM (Security Information and Event Management), endpoint security solutions, network security devices, and email security systems. Familiar with their functionalities, deployment, and monitoring practices.

  • Knowledge of Various Forensics Tools: Well-versed in different enterprise and open-source forensics tools such as FTK, Autopsy, Volatility, Eric Zimmerman's Tools, EnCase, Magnet Axiom, SIFT, REMnux, etc.

  • Being knowledgeable in Mobile Forensics (Android and iOS) is a plus.

  • Being knowledgeable in Mobile Application analysis (Android and iOS) is a plus.

  • Being knowledgeable in the Threat Intelligence Lifecycle and the types of Threat Intelligence (Operational, Tactical, Strategic) is a plus.

  • Being knowledgeable in Threat Hunting methodologies and the types of Threat Hunting (Threat Intelligence-driven, Security Incident-driven, Hypothesis-driven, Compromise Assessment) is a plus.

  • Being knowledgeable in scripting languages (Python, PowerShell, etc.) to automate analysis is a plus.

  • Certification is a Plus: Possess relevant certifications in the field of cybersecurity, such as SANS GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GCFE (GIAC Certified Forensic Examiner) or other industry-recognized certifications. These certifications validate expertise and demonstrate a commitment to professional development.

Location

  • Manila

Life at Accenture

Training and Development

Take time away to learn and learn all the time in our regional learning hubs, connected classrooms, online courses and learning boards.

Work Environment

Be your best every day in a work environment that helps drive innovation in everything you do.
