Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world's largest holistic internal cybersecurity organizations? If you're interested in proactively preventing, detecting, and responding to cyber attacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We're looking for an analytical thinker passionate about cybersecurity to join our team.
Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
The Deloitte Global Cybersecurity function is responsible for the firm's overall objectives of enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking a Specialist Incident Response to join the team.
The Specialist Incident Response reports to the Global Incident Response Manager. The role serves as the main incident responder performing technical services for cyber security incident investigations and assessing scope of incident damage.
As part of the Global Cybersecurity Incident Response Team, this professional:
- Assists in preparation of internal and external communications
- Maintains chain of custody of incident evidence
- Provides physical security of collected data and devices
- Provides recommendations to resolve incident and/or reduce impact of incident, to bypass and/or prevent future similar incidents
- Provides technical services needed for cyber incident response investigations, including containment, eradication and remediation activities
- Responsible for assessing scope of incident damage
- Assists in determination of incident severity
- Responsible for maintaining documentation throughout a cyber incident
- Assist in the drafting of post-incident reports to senior leadership to convey impact, origin, root cause, and remediation
- Perform digital forensic services including, but not limited to, collection, documentation, preservation and analysis of incident evidence
- Provides direct guidance and oversight to Coordination Specialist Incident Response
- Maintains on-call availability for 24x7x365 coverage
Expectations from the Professional
Our purpose is to make an impact that matters and our aspiration is to be the undisputed leader in professional services. At the root of these goals are our Shared Values, which describe the distinctive Deloitte culture. Our Values are timeless, all-encompassing and embrace the cultures in which Deloitte member firms operate. We expect all professionals to live our purpose and shared values and be the brand ambassadors holding Deloitte Global and member firms together.
At Deloitte, everything we do starts with integrity. In our marketplace, nothing is more important than our reputation and, accordingly, we commit to conducting business with honesty, distinctive quality, and high levels of professional behavior.
Outstanding value to markets and clients
We play a critical role in helping both the capital markets and our member firm clients operate more effectively. We consider this role a privilege, and we know it requires constant vigilance and unrelenting commitment.
Commitment to each other
We are proud of our culture of borderless collegiality and work hard to support our people. We strive to create an inclusive environment that reflects our strong, clear expectations about diversity, respect, and fair treatment.
Strength from cultural diversity
Our member firm clients' business challenges are complex and benefit from the innovation and varied perspectives that our practitioners bring. We understand that working with people of different backgrounds, cultures, and thinking styles helps our people grow into better professionals and leaders.
- Bachelor's degree in a technology-related field, or equivalent education-related experience
- Recommended minimum of 5 years of combined experience in the Information Security / Cybersecurity domain with a minimum of 2-3 years in cyber incident response.
- Demonstrated understanding of the incident lifecycle and security operations, working knowledge of triage and analysis tools, and a strong understanding of cybersecurity threats
- Demonstrated understanding of incident response casework, including maintaining case information, chain of custody reporting, and full documentation of issues from identification through remediation
- Proven track record and experience of the following in a highly complex and global organization:
- Strong problem solving and troubleshooting skills with experience exercising mature judgement
- Excellent teamwork and interpersonal skills
- Professional security management certification preferred, such as GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), Certified Information Systems Security Professional (CISSP), or other similar credentials
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
- Possess strong organizational skills to facilitate management and tracking of large numbers of incidents, events, and efforts.
- Ability to adapt and operate in a high-tempo, dynamic and stressful environment.
- Sound knowledge of business management and an expert knowledge of information / cybersecurity strategy and governance
- Operational knowledge of preventive and detective security controls (e.g., firewalls (preferred CheckPoint), advanced endpoint solutions (preferred: Cylance), Web Application Firewalls (WAF), Data Loss Prevention (DLP), web security solutions, email gateways, Security Information and Event Management (SIEM))
- Operational knowledge of general IT technologies and concepts (e.g., routers, switches, messaging systems, server operating systems (Windows, Linux, Unix), desktop and mobile operating systems (Windows, macOS, iOS, Android), cloud services and architecture, and vulnerability management)
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework
- Experience recording and maintaining incident documentation within a ticketing system (preferred: ServiceNow)
- Understanding of incident response in a Cloud based environment and experience with cloud solutions (preferred: Microsoft Azure, AWS)
- Experience leading cyber security incident response during normal daily operations or against advanced persistent threats.
- Ability to quickly analyze large amounts of information and formulate action plans based on that analysis.
- Experience interpreting, searching, and manipulating data within enterprise logging solutions.
- Strong understanding of SIEM technologies (preferred: Splunk)
- Experience and ability to code in JAVA, Python, PowerShell
- Ability to travel as needed (<10%)
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers site (jobs2.deloitte.com) or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at jobs2.deloitte.com