Senior Investigator Digital Forensics, Incident Response (DFIR)

We Are: Accenture Security is one of the fastest growing areas of our business, and our global Cyber Investigation and Forensic Response (CIFR) practice is at the heart of how we help clients prepare for, respond to, and recover from the most consequential cyber incidents. We deliver around-the-clock incident response services to our expanding portfolio of enterprise customers across the globe, providing expertise to multinational clients and shaping thought leadership inside and outside the firm. You Are: A hands‑on technical leader who excels in complex investigations. You have deep expertise in Digital Forensics, Incident Response, and threat analysis, and you have the composure to apply it under pressure during active incidents. You are equally comfortable briefing clients in the boardroom and performing deep analysis. You take ownership of investigations, mentor the people around you, and you raise the bar on what world‑class incident response looks like. The Work: Conduct complex forensic analysis including advanced memory forensics, malware triage, encrypted artifact recovery, and anti‑forensics detection Perform host and network digital forensics, log analysis, and threat hunting in support of incident response investigations Leverage EDR solutions, cloud platforms (AWS, Azure, GCP), and threat intelligence to identify attacker Tactics, Techniques and Procedures (TTPs) Conduct incident response within various Cloud, OT, and traditional enterprise environments Develop indicators of compromise and contribute to comprehensive attack timelines Create automation tools and scripts that improve team efficiency and investigation capabilities Mentor and train 2-4 investigators across multiple cases, building team capability Provide quality assurance on investigator findings before Primary Investigator review Lead medium to large workstreams (20-50+ systems) with minimal oversight Support Primary Investigators with technical decision-making and investigation strategy Translate strategic investigation direction into tactical tasks for team execution Effectively communicate and interface with customers, both technically and strategically, to customer stakeholders and legal counsel throughout the engagement lifecycle Author comprehensively written client reports on investigative findings with defensible conclusions Present technical findings in client calls when appropriate Support Accenture leadership in properly scoping engagements with innovative methodical approaches Travel may be required for this role. The amount of travel will vary from 0 to 100% depending on business need and client requirements. Here’s What You Need: Bachelor's degree or equivalent (minimum 12 years) work experience. (If Associate’s Degree, must have minimum 6 years work experience) Minimum 4 years of Digital Forensics, Incident Response (DFIR) experience with demonstrated expertise in complex investigations Ability to obtain US security clearances as required by client engagement Minimum of 3 years of demonstrated experience in Enterprise incident response, digital forensics and cyber incident investigation processes Common DFIR toolsets (Volatility, X‑Ways, FTK, EnCase, Autopsy, etc.) Microsoft Windows, GNU/Linux and MacOS operating systems Memory forensics and malware analysis Developing indicators of compromise and deriving attacker TTPs Leading investigation workstreams and mentoring junior team members Enterprise environments, Active Directory, and common attack patterns Project management, analytical, and client‑facing communication skills Solving complex forensic challenges that require advanced techniques Threat hunting on both endpoints and networks Producing accurate, defensible, well‑documented analysis Eradication techniques, monitoring improvements, and protection capabilities Developing and implementing dynamic remediation plans in conjunction with incident response engagements Bonus Points If: You have experience with Cloud environments (AWS, Azure, GCP) and cloud‑native forensics You have experience with OT and ICS environments You have proficiency in scripting and programming languages (Python, PowerShell, Bash) You have experience with reverse engineering and sandboxing technologies You have advanced malware analysis capabilities (unpacking, deobfuscation, behavior analysis) You have made contributions to open‑source DFIR tools or methodologies You have active participation in the security community (conferences, publications, training development) You hold security certifications such as GCFA, GCFE, GREM, GCIH, CEH, or similar You hold advanced certifications (SANS 500‑level, OSCP, OSCE) Compensation at Accenture varies depending on a wide array of factors, which may include but are not limited to the specific office location, role, skill set, and level of experience. As required by local law, Accenture provides a reasonable range of compensation for roles that may be hired as set forth below. We anticipate this job posting will be posted until 08/08/2026. Accenture offers a market competitive suite of benefits including medical, dental, vision, life, and long‑term disability coverage, a 401(k) plan, bonus opportunities, paid holidays, and paid time off. More information on our benefits here: Role Location Annual Salary Range California $70,350 to $205,800 Cleveland $59,100 to $164,600 Colorado $63,800 to $177,800 District of Columbia $68,000 to $189,300 Illinois $59,100 to $177,800 Maine $54,400 to $151,400 Maryland $63,800 to $177,800 Massachusetts $63,800 to $189,300 Minnesota $63,800 to $177,800 New York $66,300 to $205,800 New Jersey $68,000 to $205,800 Virginia $59,100 to $189,300 Washington $80,200 to $189,300 Requesting an Accommodation Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired. If you would like to be considered for employment opportunities with Accenture and have accommodation needs such as for a disability or religious observance, please call us toll free at View phone number on click.appcast.io or send us an email or speak with your recruiter. Equal Employment Opportunity Statement We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities. For details, view a copy of the Accenture Equal Opportunity Statement: Accenture is an EEO and affirmative action employer of veterans/individuals with disabilities. Accenture is committed to providing veteran employment opportunities to our service men and women. Other Employment Statements Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States. Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. Further, at Accenture a criminal conviction history is not an absolute bar to employment. The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. California requires additional notifications for applicants and employees. If you are a California resident, live in or plan to work from Los Angeles County upon being hired for this position, please read the additional important information. Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process. #J-18808-Ljbffr Accenture