Senior Investigator Digital Forensics, Incident Response (DFIR)

Accenture, Kirkland, WA
$54,400 - $205,800, Remote

About The Position

Accenture Security is a rapidly expanding sector within the company, and our global Cyber Investigation and Forensic Response (CIFR) practice is central to assisting clients in preparing for, responding to, and recovering from significant cyber incidents. We provide continuous incident response services to a growing base of enterprise customers worldwide, offering expertise to multinational clients and establishing thought leadership both internally and externally. The role requires a hands-on technical leader adept at complex investigations, possessing deep expertise in Digital Forensics, Incident Response, and threat analysis, with the ability to remain composed under pressure during active incidents. This individual will be comfortable briefing clients in executive settings and conducting in-depth analysis, taking ownership of investigations, mentoring team members, and elevating the standards of incident response.

Requirements

  • Bachelor's degree or equivalent (minimum 12 years) work experience. (If Associate’s Degree, must have minimum 6 years work experience)
  • Minimum 4 years of Digital Forensics, Incident Response (DFIR) experience with demonstrated expertise in complex investigations.
  • Ability to obtain US security clearances as required by client engagement.
  • Minimum of 3 years of demonstrated experience in: Enterprise incident response, digital forensics and cyber incident investigation processes.
  • Common DFIR toolsets (Volatility, X-Ways, FTK, EnCase, Autopsy, etc.).
  • Microsoft Windows, GNU/Linux and macOS operating systems.
  • Memory forensics and malware analysis.
  • Developing indicators of compromise and deriving attacker TTPs.
  • Leading investigation workstreams and mentoring junior team members.
  • Enterprise environments, Active Directory, and common attack patterns.
  • Project management, analytical, and client-facing communication skills.
  • Solving complex forensic challenges that require advanced techniques.
  • Threat hunting on both endpoints and networks.
  • Producing accurate, defensible, well-documented analysis.
  • Eradication techniques, monitoring improvements, and protection capabilities.
  • Developing and implementing dynamic remediation plans in conjunction with incident response engagements.

Nice To Haves

  • Experience with Cloud environments (AWS, Azure, GCP) and cloud-native forensics.
  • Experience with OT and ICS environments.
  • Proficiency in scripting and programming languages (Python, PowerShell, Bash).
  • Experience with reverse engineering and sandboxing technologies.
  • Advanced malware analysis capabilities (unpacking, deobfuscation, behavior analysis).
  • Contributions to open-source DFIR tools or methodologies.
  • Active participation in the security community (conferences, publications, training development).
  • Security certifications such as GCFA, GCFE, GREM, GCIH, CEH, or similar.
  • Advanced certifications (SANS 500-level, OSCP, OSCE).

Responsibilities

  • Conduct complex forensic analysis including advanced memory forensics, malware triage, encrypted artifact recovery, and anti-forensics detection.
  • Perform host and network digital forensics, log analysis, and threat hunting in support of incident response investigations.
  • Leverage EDR solutions, cloud platforms (AWS, Azure, GCP), and threat intelligence to identify attacker Tactics, Techniques and Procedures (TTPs).
  • Conduct incident response within various Cloud, OT, and traditional enterprise environments.
  • Develop indicators of compromise and contribute to comprehensive attack timelines.
  • Create automation tools and scripts that improve team efficiency and investigation capabilities.
  • Mentor and train 2-4 investigators across multiple cases, building team capability.
  • Provide quality assurance on investigator findings before Primary Investigator review.
  • Lead medium to large workstreams (20-50+ systems) with minimal oversight.
  • Support Primary Investigators with technical decision-making and investigation strategy.
  • Translate strategic investigation direction into tactical tasks for team execution.
  • Communicate and interface effectively with customers, including customer stakeholders and legal counsel, both technically and strategically, throughout the engagement lifecycle.
  • Author comprehensive written client reports on investigative findings with defensible conclusions.
  • Present technical findings in client calls when appropriate.
  • Support Accenture leadership in properly scoping engagements with innovative methodical approaches.

Benefits

  • Medical, dental, vision, life, and long-term disability coverage
  • 401(k) plan
  • Bonus opportunities
  • Paid holidays
  • Paid time off