Digital Forensics and Incident Response Specialist

Ready to join Accenture’s team of empowered people? We’re looking for candidates with the following skills and experience for this role. Do you fit the profile? If you do, we’d love to hear from you!

In adherence to Accenture’s process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.

Who we are:

Accenture in the Philippines is a pioneer in Accenture’s global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture’s global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.

Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients’ challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.

What’s in it for you?

At Accenture you will work on meaningful and innovative projects, powered by the latest technologies. You’ll be immersed in industry best practices such as event-driven architectures and domain-driven designs.  Accenture will continually invest in your learning and growth. You'll work with Accenture’s certified practitioners, and Accenture will support you in growing your own tech stack and certifications.

Summary: A DFIR Analyst is a highly skilled member of ATCP Security DFIR Team, entrusted with the crucial responsibility of responding, investigating, and mitigating cybersecurity incidents, as well as conducting digital forensics examinations to collect, examining, and analyzing critical digital evidence.

Responsibilities:

• Perform incident response to cybersecurity incidents, including but not limited to APT & Nation State attacks, Ransomware infections and Malware outbreaks, Insider Threats, BEC, DDOS, Security and Data breach, etc.
• Conduct in-depth investigations of cybersecurity incidents, identifying the root cause, the extent of the impact, and recommended actions for containment, eradication, and recovery, and providing a final report that contains recommendations on how to prevent the same attack in the future by strengthening security posture.
• Collaborate with cross-functional teams to gather information, coordinate incident response efforts, and communicate findings to relevant stakeholders, including management and legal teams.
• Perform digital forensics examinations on various digital devices (workstations, servers, mobile devices, etc.) to collect, analyze, and preserve evidence related to security incidents or policy violations.
• Develop/Update incident response plan, playbooks, process, and process documentation to ensure standardized incident response procedures.
• Participate in threat hunting activities, proactively seeking out and identifying potential security threats and weaknesses.
• Assist in implementing and fine-tuning security tools and technologies to enhance threat detection and incident response capabilities.
• Conduct training sessions and workshops to educate employees on cybersecurity best practices and incident response procedures

Requirements:

• Strong Incident Response Knowledge: Well-versed in incident response life cycle. Capable of conducting thorough investigations, analyzing collected data, and determining the scope, impact, and root cause of security incidents. Skilled at collaborating with incident response teams to provide timely remediation recommendations.
• Familiarity with MITRE ATT&CK Framework: Knowledgeable about the MITRE ATT&CK framework, including its various tactics, techniques, and procedures (TTPs). Able to leverage the framework to identify and categorize adversary behaviors and map them to relevant security controls.
• Expertise in Digital Forensics: Proficient in conducting digital forensics investigations on both host systems (on-prem and cloud) and network infrastructures. Skilled at analyzing digital evidence, performing memory, disk, and network forensics, and extracting relevant artifacts to understand the nature of security incidents.
• Strong Understanding of Networking, Operating Systems, and Security Fundamentals: Possess a solid foundation in networking protocols, operating systems (Windows and Linux), and core security concepts. Understand how different components interact within an IT environment and their potential security implications.
• Competent in Static and Dynamic Malware Analysis: Capable of analyzing malicious software (malware) using both static and dynamic analysis techniques. Able to analyze malware samples to understand their functionalities, persistence mechanisms, and potential impact on systems.
• Knowledge of Various Security Technologies: Well-versed in different security technologies such as SIEM (Security Information and Event Management), endpoint security solutions, network security devices, and email security systems.
• Familiar with their functionalities, deployment, and monitoring practices.
• Knowledge of Various Forensics  Tools: Well-versed in different enterprise and open-source forensics tools such as FTK, Autopsy, Volatility, Eric Zimmerman's Tools, EnCase, Magnet Axiom, SIFT, REMnux, etc.
• Being knowledgeable in Mobile Forensics (Android and iOS) is a plus
• Being knowledgeable in Mobile Application analysis (Android and iOS) is a plus
• Being knowledgeable in Threat Intelligence Lifecycle and types of Threat Intelligence (Operational, Tactical, Strategic) is a plus
• Being knowledgeable in Threat Hunting methodologies and types of Threat Hunting (Threat Intelligence-driven, Security Incident Driven, Hypothesis Driven, Compromise Assessment) is a plus
• Being knowledgeable in scripting languages (Python, PowerShell, etc.) to automate analysis is a plus
• Certification is a Plus: Possess relevant certifications in the field of cybersecurity, such as SANS GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GCFE (GIAC Certified Forensic Examiner) or other industry-recognized certifications. These certifications validate expertise and demonstrate a commitment to professional development.

Additional Information:
- Open to hiring SOC L2 or L3 candidates with 2–4 years of experience , provided you have completed at least one of the following certifications :

• CDSA, CPTS
• OSDA, OSCP
• GCFA, GMON, GCIH, GREM
• CRTO, CRTL, CRTP

- Must be amenable with possible shifting schedule at Cubao, with a hybrid work set-up.

Joining Bonus up to ₱80,000 for qualified hires (details discussed at offer stage)

What we believe:

All our leaders are committed to building a better, stronger and more durable company for future generations to create positive, long-lasting change. Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and creative, which helps us better serve our clients and our communities.

Our position as partner to many of the world’s leading businesses, organizations and governments affords us both an extraordinary opportunity and a tremendous responsibility to make a difference. Sustainability is one of our greatest responsibilities, which we embed it into everything we do and for everyone we work with.

Accenture is committed to providing equal employment opportunities for persons with disabilities. Please let your recruiter know if you require reasonable accommodation to enable your participation in the recruitment process, they will be happy to assist you.

What’s in it for you?

• Competitive Total Rewards (Compensation, Performance Bonus, 13th Month Pay, Day 1 HMO & Life Insurance Coverage)
• Expanded maternity leave up to 120 days*
• Expanded paternity leave up to 30 days*
• Flexible Working Arrangements*
• Healthy and Encouraging Work Environment
• Company-sponsored trainings like upskilling and certification
• Employee Stock Purchase Pan
• Loyalty and Christmas Gift
• Inclusion and Diversity Benefits
• Car and housing plan*

Learning & Certification Support (CRRR):
As part of our Cybersecurity team, employees will have an opportunity to pursue advanced certifications under Cyber Resilience, Response, and Recovery (CRRR), including:

• CDSA, CPTS 
• OSDA, OSCP
• GCFA, GCFE, GMON, GCIH, GREM 
• CRTO, CRTL 

Certification sponsorship and upskilling opportunities will be provided to support continuous learning and career growth.

*Terms & Conditions apply

Equal employment Opportunity Statement:

All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

Accenture is committed to providing veteran employment opportunities to our service men and women.

Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.

IMPORTANT REMINDER: We appreciate your interest in applying with Accenture. Please ensure to complete your profile and accomplish all required information in Workday within the next 24 hours, in order for us to start processing your application. You may access Workday by clicking the “Apply Now” button or refer to the link sent via SMS or email.

#LI-PH

Quezon City

Equal Employment Opportunity Statement

All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

Accenture is committed to providing veteran employment opportunities to our service men and women.

Please read Accenture’s  Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.

We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.

We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.

At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.

Join Accenture to work at the heart of change. Visit us at .