This job is no longer available. Continue your job search here.
Digital Forensics and Incident Response Associate Manager
Quezon City
Job No. atcp-996665-s364527
Full-time
Job Description
Ready to join Accenture’s team of empowered people? We’re looking for candidates with the following skills and experience for this role. Do you fit the profile? If you do, we’d love to hear from you!
In adherence to Accenture’s process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.
Who we are:
Accenture in the Philippines is a pioneer in Accenture’s global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture’s global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.
Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients’ challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.
What’s in it for you?
At Accenture you will work on meaningful and innovative projects, powered by the latest technologies. You’ll be immersed in industry best practices such as event-driven architectures and domain-driven designs. Accenture will continually invest in your learning and growth. You'll work with Accenture’s certified practitioners, and Accenture will support you in growing your own tech stack and certifications.
Job Description:
A DFIR Analyst is a highly skilled member of ATCP Security Cyber Response Team, entrusted with the crucial responsibility of responding, investigating, and mitigating cybersecurity incidents, as well as conducting digital forensics examinations to collect, examining, and analyzing critical digital evidence.
Responsibilities:
- Perform incident response to cybersecurity incidents, including but not limited to APT & Nation State attacks, Ransomware infections and Malware outbreaks, Insider Threats, BEC, DDOS, Security and Data breach, etc.
- Conduct in-depth investigations of cybersecurity incidents, identifying the root cause, the extent of the impact, and recommended actions for containment, eradication, and recovery, and providing a final report that contains recommendations on how to prevent the same attack in the future by strengthening security posture.
- Collaborate with cross-functional teams to gather information, coordinate incident response efforts, and communicate findings to relevant stakeholders, including management and legal teams.
- Perform digital forensics examinations on various digital devices (workstations, servers, mobile devices, etc.) to collect, analyze, and preserve evidence related to security incidents or policy violations.
- Develop/Update incident response plan, playbooks, process, and process documentation to ensure standardized incident response procedures.
- Participate in threat hunting activities, proactively seeking out and identifying potential security threats and weaknesses.
- Assist in implementing and fine-tuning security tools and technologies to enhance threat detection and incident response capabilities.
- Conduct training sessions and workshops to educate employees on cybersecurity best practices and incident response procedures
Qualifications
- At least 6 years relevant experience required
- Strong Incident Response Knowledge: Well-versed in incident response life cycle. Capable of conducting thorough investigations, analyzing collected data, and determining the scope, impact, and root cause of security incidents. Skilled at collaborating with incident response teams to provide timely remediation recommendations.
- Familiarity with MITRE ATT&CK Framework: Knowledgeable about the MITRE ATT&CK framework, including its various tactics, techniques, and procedures (TTPs). Able to leverage the framework to identify and categorize adversary behaviors and map them to relevant security controls.
- Expertise in Digital Forensics: Proficient in conducting digital forensics investigations on both host systems (on-prem and cloud) and network infrastructures. Skilled at analyzing digital evidence, performing memory, disk, and network forensics, and extracting relevant artifacts to understand the nature of security incidents.
- Strong Understanding of Networking, Operating Systems, and Security Fundamentals: Possess a solid foundation in networking protocols, operating systems (Windows and Linux), and core security concepts. Understand how different components interact within an IT environment and their potential security implications.
- Competent in Static and Dynamic Malware Analysis: Capable of analyzing malicious software (malware) using both static and dynamic analysis techniques. Able to analyze malware samples to understand their functionalities, persistence mechanisms, and potential impact on systems.
- Knowledge of Various Security Technologies: Well-versed in different security technologies such as SIEM (Security Information and Event Management), endpoint security solutions, network security devices, and email security systems.
- Familiar with their functionalities, deployment, and monitoring practices.
- Knowledge of Various Forensics Tools: Well-versed in different enterprise and open-source forensics tools such as FTK, Autopsy, Volatility, Eric Zimmerman's Tools, EnCase, Magnet Axiom, SIFT, REMnux, etc.
- Being knowledgeable in Mobile Forensics (Android and iOS) is a plus
- Being knowledgeable in Mobile Application analysis (Android and iOS) is a plus
- Being knowledgeable in Threat Intelligence Lifecycle and types of Threat Intelligence (Operational, Tactical, Strategic) is a plus
- Being knowledgeable in Threat Hunting methodologies and types of Threat Hunting (Threat Intelligence-driven, Security Incident Driven, Hypothesis Driven, Compromise Assessment) is a plus
- Being knowledgeable in scripting languages (Python, PowerShell, etc.) to automate analysis is a plus
- Certification is a Plus: Possess relevant certifications in the field of cybersecurity, such as SANS GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GCFE (GIAC Certified Forensic Examiner) or other industry-recognized certifications. These certifications validate expertise and demonstrate a commitment to professional development.
#LI-PH
