Title: Security Operations Center Tier II Lead
Organization: Corporate Functions
Location: Chicago, IL
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions - underpinned by the world's largest delivery network - Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 505,000 people serving clients in more than 200 cities with operations across 51 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com .
People in the Corporate Function contribute to the running of Accenture as a high- performance business through specialization within a specific functional area and grow into internally focused roles by deepening their skills and/or developing new skills within an internal functional area.
As a senior member of the global Cyber Incident Response Team (CIRT) Security Operations Center (SOC) Tier II, investigate security events escalated by SOC Tier I analysts that may negatively impact Accenture, including hacking attempts, intrusions, computer virus infections, and other security threats. Participate in malware/forensic investigations to identify indicators, cause, depth of compromise, and work collaboratively with Tier III investigators to remediate. Assess and prioritize security events escalated by the SOC (Tier I) and events generated by Accenture's security monitoring tools.
The role requires 3-4 hours per month that will fall on the weekend
- Investigate security events using a wide range of logs, SIEM, EDR tools, and other security tools to identify the root cause
- Identify patterns/outliers within data sets that match threat actor TTPs, post compromise activity, insider threat, and other unusual behavior
- Develop and provide remediation/mitigation recommendations to enhance the security posture of the organization
- Escalate events to Tier III requiring additional resources to resolve
- Investigate suspicious emails identified by email protection systems or reported by end-users
- Participate in threat hunting activities and investigate potential threats based on current intelligence and information gathered from security events
- Provide detailed responses to incidents within the ticketing system
- Develop new and enhance existing incident response processes and playbooks
- Create detailed incident reports if needed
- Mentor, train, and advise junior members of the SOC Tier I and SOC Tier II teams on incident investigation and analysis
- Bachelor's Degree or equivalent experience
- Minimum 3 years working in an incident response or SOC role
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science
- Experience leading a team
- Professional Security Certifications (Including or equivalent to GCIH, GCFA, GCIA)
- Experience with Splunk
- Experience with Tanium
- Experience with Microsoft Defender ATP
- Experience with Proofpoint
- Experience with FireEye
- Demonstrated leadership in professional setting; either military or civilian
- Demonstrated teamwork and collaboration in a professional setting; either military or civilian
$75,600 - $122,799 and information on benefits offered is here.
What We Believe
We have an unwavering commitment to diversity with the aim that every one of our people has a full sense of belonging within our organization. As a business imperative, every person at Accenture has the responsibility to create and sustain an inclusive environment.
Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and more creative, which helps us better serve our clients and our communities. Read more here
Equal Employment Opportunity Statement
Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Accenture is committed to providing veteran employment opportunities to our service men and women.
For details, view a copy of the Accenture Equal Opportunity and Affirmative Action Policy Statement .
Requesting An Accommodation
Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 (877) 889-9009, send us an email or speak with your recruiter.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.