Federal - Senior Incident Response Engineer
- Washington, DC
Organization: Accenture Federal Services
Location: Washington, DC
Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, Virginia. Accenture's federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.
We believe that great outcomes are everything. It's what drives us to turn bold ideas into breakthrough solutions. By combining digital technologies with what works across the world's leading businesses, we use agile approaches to help clients solve their toughest problems fast-the first time. So, you can deliver what matters most.
Count on us to help you embrace new ways of working, building for change and put customers at the core. A wholly owned subsidiary of Accenture, we bring over 30 years of experience serving the federal government, including every cabinet-level department. Our 7,200 dedicated colleagues and change makers work with our clients at the heart of the nation's priorities in defense, intel, public safety, health and civilian to help you make a difference for the people you employ, serve and protect.
- Supports development of technical solutions to support client's requirements in solving moderately complex network, platform, and system security problems.
- Create and modify security SIEM dashboards to clearly identify scope of findings, or monitor activity
- Identify patterns/outliers within data sets that match threat actor TTPs, post compromise behavior, and otherwise unusual activity, such as insider threat.
- Provide expert analysis investigative support of large scale and complex security incidents, and in many cases identify incidents for which a technical detection may not be available.
- Conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations in order to identify IOCs
- Provide Tier III services reviewing investigation tickets, feedback to SOC analysts on analysis/writeup, developing tune request across all security products providing alerts, advanced network traffic and log analysis, working any escalated investigation requiring IR response such as insider threat, APT detection, complex malware analysis/forensics activities.
- Tracks investigations to resolution and can provide an after action report as required.
Basic Skills & Requirements
- 3+ years related work experience in one or more of the following organizations: Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) and with a foundation as a Security Operations Center (SOC) analyst.
- Incident Response experience: developing tune requests, investigating APT related activities, updating SOPs, and improving processes.
- Experience with Anti-Virus, Intrusion Detection Systems, Data Loss Prevention, Endpoint Tools, Packet Capture, Firewalls, Active Directory, Web Proxies, Vulnerability Assessment tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions (eg Splunk)
Preferred Skills & Qualifications:
- Experience with tickets systems such as Archer and Service Now.
- Scripting experience to automate queries and streamline tasks (eg. Python, PowerShell)
- Strong foundation with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages.
- One or more of the following certifications are strongly desired:
- GIAC Certified Detection Analyst (GCDA)
- GIAC Certified Enterprise Defender (GCED)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Perimeter Protection Analyst (GPPA)
- GIAC Defending Advanced Threats (GDAT)
- GIAC Network Forensic Analyst (GNFA)
- Experience working within a government agency
- Digital Media Analysis (DMA), prior computer forensics, Cyber Threat Intelligence or Cyber Hunt experience strongly desired
An active security clearance or the ability to obtain one may be required for this role.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States and with Accenture (i.e., H1-B visa, F-1 visa (OPT), TN visa or any other non-immigrant status).
Accenture is a Federal Contractor and an EEO and Affirmative Action Employer of Females/Minorities/Veterans/Individuals with Disabilities.
Equal Employment Opportunity
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
Accenture is committed to providing veteran employment opportunities to our service men and women.
DC,DC - Washington
Back to top