Job Description

Our Cyber Investigation and Forensic Response (CIFR) practice is rapidly growing, and we are hiring mid to very senior level professionals to work with our F500 enterprise customers. With our recent acquisitions we continue to enhance our incident response, threat hunting, forensics, threat intelligence, and purple teaming capabilities.

With Accenture Security, you will be part of a specialized team to respond to some of the largest and most complex data breaches around the world, as well as conduct cyber threat hunting in some of the most complex business environments, leveraging a variety of tools and techniques. You will work in a fast-paced and highly collaborative environment along with a diverse team of talent, in support of one mission – providing expert incident response services to Accenture customers.

The Incident Response Cyber Threat Intelligence Specialist (IR CTI) position is a hybrid role designed to provide embedded tactical intelligence support to CIFR investigations. The ideal candidate will have previous incident response and computer forensics experience, as well as significant experience performing cyber threat intelligence work. You will serve as the conduit between Accenture Security’s CIFR and Cyber Threat Intelligence (CTI) teams, leveraging CTI capabilities and knowledge to enhance CIFR investigations, and in turn providing data from CIFR engagements to further enrich the CTI knowledge base. In this role, you will work side by side with CIFR investigators, using your expertise to help enhance and accelerate successful resolution of IR efforts for our customers.

Show more


Job Functions

  • Support end-to-end incident response investigations with Accenture’s customers
  • Support CIFR efforts to identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
  • Hunt for and identify threat actor groups and their techniques, tools and processes
  • Identify attacker tools, tactics and procedures to develop IOCs
  • Support threat hunting efforts across customer’s networks with indicators of compromise, hunting for evidence of a compromise
  • Analyze adversarial IOCs and their respective tactics, techniques and procedures (TTPs) to provide unique insight into current and emerging threat groups and campaigns, and generate actionable intelligence
  • Participate in the drafting and ultimate dissemination of finished tactical and operational threat intelligence products (reports, briefings, etc.)
  • Develop and continuously tune detection signatures (e.g., YARA and Snort signatures) for both immediate client consumption and to maintain visibility into adversarial malware variants and tooling.  
  • Collect, analyze, and provide an informed assessment of technical IOCs gathered during CIFR engagements to better understand incidents and help refine detection and response efforts. 
  • Participate in drafting of comprehensive and accurate oral and written reports and presentations for both technical and executive audiences
  • Effectively communicate and interface with customers, both technically and strategically from the executive level, to customers stakeholders and legal counsel
  • Support engagement delivery from kickoff through remediation, either on premises or remote, depending on customer requirements


  • Minimum 2 years of experience tracking advanced persistent threats (APTs) and targeted cyber-crime threat campaigns, including but not limited to their associated TTPs and malicious tools. 
  • Minimum 2 years of comparable experience /expert knowledge of forensic file system and memory techniques and use of the most commonly used toolsets, such as EnCase and FTK Suite
  • Minimum 2 years of comparable experience/ deep technical knowledge of methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
  • Minimum 2 years of comparable experience with IDA Pro, OllyDbg, other disassemblers/debuggers
  • Minimum 2 years of comparable experience/thorough understanding of cyber security operations, security monitoring, EDR and SIEM tools, to include Endgame, Falcon, and Splunk
  • Minimum 2 years of comparable experience/detailed knowledge of Windows & Unix based operating systems and administrative tools, Windows disk and memory forensics, Unix or Linux disk and memory forensics, and Static and dynamic malware analysis


  • Bachelor's Degree in Computer Engineering, Computer Science, Cyber Security, Information Security or related disciplines
  • Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP
  • Network traffic and protocol analysis utilizing tools such as Wireshark
  • Applied knowledge of security controls such as authentication and identity management, security enhanced network architectures and application-based controls (including Windows, Unix, and network equipment)
  • Excellent time management, writing and communication skills
  • Strong analytic, qualitative, and quantitative reasoning skills

What We Believe

We have an unwavering commitment to diversity with the aim that every one of our people has a full sense of belonging within our organization. As a business imperative, every person at Accenture has the responsibility to create and sustain an inclusive environment.

Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and more creative, which helps us better serve our clients and our communities. Read more here

Equal Employment Opportunity Statement

Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.

All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Accenture is committed to providing veteran employment opportunities to our service men and women.

For details, view a copy of the Accenture Equal Opportunity and Affirmative Action Policy Statement.

Requesting An Accommodation

Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.

If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 (877) 889-9009, send us an email or speak with your recruiter.

Other Employment Statements

Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.

Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.

Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.

COVID-19 update:  The safety and well-being of our candidates, our people and their families continues to be a top priority. Until travel restrictions change, interviews will continue to be conducted virtually. 

Life at Accenture

Work where you're inspired to explore your passions and where your talents are nurtured and cultivated. Innovate with leading-edge technologies on some of the coolest projects you can imagine.


Training and Development

Take time away to learn and learn all the time in our regional learning hubs, connected classrooms, online courses and learning boards.


Work Environment

Be your best every day in a work environment that helps drive innovation in everything you do.

Rewards & Benefits

With Accenture's Total Rewards, you are empowered to be your best—for the business, for your family, and for yourself.

View All

Learn more about Accenture

Our more than 500,000 people in more than 120 countries, combine unmatched experience and specialized skills across more than 40 industries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.

View All

Stay connected

Join our Team

Join Our Team

Search open positions that match your skills and interest. We look for passionate, curious, creative and solution-driven team players.

Keep up to date

Keep Up to Date

Stay ahead with careers tips, insider perspectives, and industry-leading insights you can put to use today–all from the people who work here.

Stay Connected

Job Alert Emails

Personalize your subscription to receive job alerts, latest news and insider tips tailored to your preferences. See what exciting and rewarding opportunities await.

View All