The Cyber Incident Response Team (CIRT) is responsible for conducting investigations (primary) and responding to network intrusions (secondary).
Conducting Investigations (Primary)
Of primary importance, CIRT is responsible for establishing a chain of custody for evidence, conducting necessary computer forensics, including bit stream backups of suspect media and hard drive analysis. These investigations may include embezzlement, intellectual property theft, harassment, fraud and trafficking of pornography on the Internet or Accenture''s intranet, as well as other types of fraud. CIRT''s assistance also extends to mail file reviews and e-mail tracing as needed in support of these investigations. CIRT also provides technical support to Human Resources and Accenture Legal & Commercial offices in conducting internal investigations.
Responding to Network Intrusions and/or Incidents (Secondary)
Second, CIRT is responsible for coordinating with the numerous groups which could be involved in responding to intrusions, as well as conducting follow-up investigations to such incidents.
This position will be responsible for conducting forensic examinations of Accenture computers, mobile devices, and mail files in support of CIRT investigations, and other responsibilities as described below:
1.Triage cases coming to CIRT
2.Perform cyber incident investigations, determining the cause of the security incident and appropriately preserving evidence for potential legal action
3.Perform detailed forensic analysis on writable media. Media may include hard disks, external drives, and mobile phones.
4.Assess artifacts and close incident vulnerability as appropriate -- preserve technical evidence as appropriate
5.Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach
Must Have Skills:
Very strong sense of ethics/values - ability to handle confidential investigations with discretion
4-5 years media forensics experience
Good understanding of data networking, computer operating systems (especially workstations), hard disk forensics, mobile forensics, and computer hardware
Ability to manipulate and present data using MS Excel
Good Understanding of forensics and intrusion detection
Good problem-solving skills
Good oral and written communication skills
Must have or pursuing GCFA, GCIH, EnCE, or similar certifications.
Nice to Have Skills:
Programming and/or scripting skills
Experience using Encase V6 Forensics Tool
IT Security Architecture
Vulnerability, Penetration testing, AV, IDS management
CISSP, CISA, CCSA, CCSE, MCSE and/or CCNA certification