Senior Investigator - Digital Forensics & Incident Response

Accenture, Toronto, ON
CA$75,400 - CA$125,400, Remote

About The Position

Accenture Security is one of the fastest growing areas of our business, and our global Cyber Investigation and Forensic Response (CIFR) practice is at the heart of how we help clients prepare for, respond to, and recover from the most consequential cyber incidents. We deliver around-the-clock incident response services to our expanding portfolio of enterprise customers across the globe, providing expertise to multinational clients and shaping thought leadership inside and outside the firm. You are a hands-on technical leader who excels in complex investigations. You have deep expertise in digital forensics, incident response, and threat analysis, and you have the composure to apply it under pressure during active incidents. You are equally comfortable briefing clients in the boardroom and performing deep analysis. You take ownership of investigations, mentor the people around you, and you raise the bar on what world-class incident response looks like.

Requirements

  • Bachelor's degree or equivalent work experience
  • Minimum 4-6 years of DFIR experience with demonstrated expertise in complex investigations
  • Ability to obtain federal government security clearances as required by client engagements
  • Strong knowledge of enterprise incident response, digital forensics and cyber incident investigation processes
  • Expert-level familiarity with common DFIR toolsets (Volatility, X-Ways, FTK, EnCase, Autopsy, etc.)
  • Deep DFIR knowledge of Microsoft Windows, GNU/Linux and macOS operating systems
  • Advanced experience with memory forensics and malware analysis
  • Proven ability to derive attacker TTPs and develop indicators of compromise
  • Experience leading investigation workstreams and mentoring junior team members
  • Strong understanding of enterprise environments, Active Directory, and common attack patterns
  • Excellent project management, analytical, and client-facing communication skills
  • Ability to solve complex forensic challenges that require advanced techniques
  • Experience with threat hunting on both endpoint and network
  • Proven track record of producing accurate, defensible, well-documented analysis
  • Knowledge of eradication techniques, monitoring improvements, and protection capabilities
  • Ability to develop and implement dynamic remediation plans in conjunction with incident response engagements

Nice To Haves

  • Experience with Cloud environments (AWS, Azure, GCP) and cloud-native forensics
  • Experience with OT and ICS environments
  • Proficiency in scripting and programming languages (Python, PowerShell, Bash)
  • Experience with reverse engineering and sandboxing technologies
  • Advanced malware analysis capabilities (unpacking, deobfuscation, behavior analysis)
  • Contributions to open-source DFIR tools or methodologies
  • Active participation in the security community (conferences, publications, training development)
  • Security certifications such as GCFA, GCFE, GREM, GCIH, CEH, or similar
  • Advanced certifications (SANS 500-level, OSCP, OSCE)

Responsibilities

  • Conduct complex forensic analysis including advanced memory forensics, malware triage, encrypted artifact recovery, and anti-forensics detection
  • Perform host and network digital forensics, log analysis, and threat hunting in support of incident response investigations
  • Leverage EDR solutions, cloud platforms (AWS, Azure, GCP), and threat intelligence to identify attacker Tactics, Techniques and Procedures (TTPs)
  • Conduct incident response within various Cloud, OT, and traditional enterprise environments
  • Develop indicators of compromise and contribute to comprehensive attack timelines
  • Create automation tools and scripts that improve team efficiency and investigation capabilities
  • Mentor and train 2-4 investigators across multiple cases, building team capability
  • Provide quality assurance on investigator findings before Primary Investigator review
  • Lead medium to large workstreams (20-50+ systems) with minimal oversight
  • Support Primary Investigators with technical decision-making and investigation strategy
  • Translate strategic investigation direction into tactical tasks for team execution
  • Communicate and interface effectively, both technically and strategically, with customer stakeholders and legal counsel throughout the engagement lifecycle
  • Author comprehensive written client reports on investigative findings with defensible conclusions
  • Present technical findings in client calls when appropriate
  • Support Accenture leadership in properly scoping engagements with innovative methodical approaches

Benefits

  • Annual Salary Range: $75,400 to $125,400