Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Specialist – Incident Response to join the team.
The Specialist – Incident Response reports to the Global Incident Response Manager. The role serves as the main incident responder performing technical services for cyber security incident investigations and assessing scope of incident damage.
As part of the Global Cybersecurity Incident Response Team, this professional performs the following:
Assists in preparation of internal and external communications
Maintains chain of custody of incident evidence
Provides physical security of collected data and devices
Provides recommendations to resolve incident and/or reduce impact of incident, to bypass and/or prevent future similar incidents
Provides technical services needed for cyber incident response investigations including, containment, eradication and remediation activities
Assists with assessing scope of incident damage
Assists in determination of incident severity
Responsible for maintaining documentation throughout a cyber incident
Assist in the drafting of post-incident reports to senior leadership to convey impact, origin, root cause, and remediation
Perform digital forensic services including, but not limiting to, collection, documentation, preservation and analysis of incident evidence
Maintains on-call availability for a 24x7x365 coverage
Coordinating shift hand-offs between different team members and/or locations
Establish and maintain strong working relationships with all teams required to support incident response including other enabling areas and member firms
Have you ever wanted to be on the frontlines ofcyber-defense? The Deloitte Global Incident Response (GCIR) team is the lastline of defense against adversarial activity. We are the tip of the spear inhelping to shape cyber-defense strategy as it relates to incident response andrecovery at a large Fortune 100 organization.
- Our focus is on incident response, digital forensics, & malware analysis but these are skills that can be taught as well
- Other areas for strong consideration would include rich experience with one or more of the following technologies Cylance, cloud technology (O365\\Azure\\AWS\\GCP), and/or Splunk
- GCIR is involved in every facet of major cyber incidents & compromise recovery planning
- Incident response is an unpredictable line of business and may, on rare occasion, require a shift in normal working hours
- We place a strong emphasis on finding ways to ensure a healthy work/life balance
We seek individuals that are passionate about learning and sharing their knowledge with others.
- BA/BS Degree or equivalent
- Training/certifications preferred, but not required:
- GIAC Certified Incident Handler (GCIH)
- SANS FOR498: Battlefield Forensics & Data Acquisition
- SANS SEC488: Cloud Security Essentials
- Certified Ethical Hacker (CEH)
- ISC2 Certified Information Systems Security Professional (CISSP)
- Non-technical: Expert witness training
- Non-technical: SANS SEC402 Cybersecurity Writing: Hack the Reade
- The ideal candidate would be able to clearly document and articulate the progression of an investigation as well as recommended next steps
- A strong commitment to teamwork in a diverse & inclusive culture is required
- Operational knowledge of the Windows platform
- Linux, & Mac OS is a plus
- Experience with technologies such as (AV, IDS, Firewalls, Proxy, etc.)
- Experience in the fields of malware reverse engineering and/or threat intelligence are a plus
- Experience with the ServiceNow ticketing platform is a plus
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com
Requisition code: D63590
Apply on company website