We are:

Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, VA, San Antonio, TX, and St. Louis, MO. Accenture's federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.
We believe that great outcomes are everything. It’s what drives us to turn bold ideas into breakthrough solutions. By combining digital technologies with what works across the world’s leading businesses, we use agile approaches to help clients solve their toughest problems fast—the first time. So, you can deliver what matters most.
Count on us to help you embrace new ways of working, building for change and put customers at the core. A wholly owned subsidiary of Accenture, we bring over 30 years of experience serving the federal government, including every cabinet-level department. Our 9,000 dedicated colleagues and change makers work with our clients at the heart of the nation’s priorities in defense, intel, public safety, health and civilian to help you make a difference for the people you employ, serve and protect.

The Work:

This is a hands-on role, responsible for managing a team and performing investigations, analysis, and responses to cyber incidents. This person must be able to work on-site. This role provides technical support in areas of cyber security to include cloud security, endpoint security, access management, secure networking, and incident response. Responsibilities include but are not limited to: Manage day to day operations of the team. Perform briefings, direct coordination with the customer, develop responses to incidents to upper Federal Leadership. Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Coordinate incident response functions. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response.

 Here's what you need:

• 7 years of relevant Cybersecurity work experience.
• Experience with NIST compliance.
• Experience in intrusion detection methodologies and techniques for detecting host and network-based intrusions, cyber defense and information security policies, procedures, and regulations.
• Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters), performing damage assessments, securing network communications, and using security event correlation tools.
• Experience with incident categories, incident responses, and timelines for responses and handling methodologies.
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored) and of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of malware analysis concepts and methodologies and skills to identify, capture, contain and report malware.
• Knowledge of cloud service models and how those models can limit incident response.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of system administration, network, and operating system hardening techniques.
• Experience recognizing and categorizing system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Excellent written and verbal skills.

Bonus points if you have:

• At least one current recognized security professional certification
• Experience with EnCase Enterprise toolsets
• Experience with CrowdStrike or similar endpoint detection & response tools
• Experience with Cellebrite UFED toolsets
• Experience with cloud service providers, such as Microsoft AWS and Azure
• Experience with cloud containers

US Citizens with TS clearance required.