Senior Consultant, Detect & Respond - Incident Response

--

What will your typical day look like?

Working in our Cyber Defense & Resilience - Cyber Incident Response practice, you will:

• Work on unique and exciting engagements helping organizations prepare for, respond to, and recover from cyber incidents
• Deliver engagements across a wide variety of clients, industries, technologies, and geographies
• Be part of a national, diverse, collaborative, and performance-driven incident response team
• Investigate large, complex, and high-profile cyber incidents and data breaches
• Lead technical investigations and response activities, and liaise directly with clients
• Lead and participate in technical workshops regarding incident response, network security, vulnerability management, access management, etc.
• Acquire, preserve, and analyze data from a wide variety of devices, including workstations, servers, and cloud systems
• Investigate network intrusions and other data breaches to determine root cause, scope, and impact of the incident
• Assist clients with containment and recovery from cyber incidents
• Deliver incident response engagements following industry standard methodologies like NIST and SANS
• Conduct research to expand your knowledge on the latest security threats and risks, technologies, and standards
• Use, build, and grow an emerging technology stack used to deliver incident response engagements
• Contribute to ongoing practice improvement regarding technology, processes, and structures to deliver incident response engagements
• Develop Incident Response plans, polices, and playbooks to prepare organizations to respond efficiently and effectively to cyber threats
• Support the team in conducting tabletop simulation exercises for Technical and Executive teams
• Assist clients with Post Incident Reviews to help identify opportunities to improve processes and capabilities
• Cultivate relationships with clients and share your knowledge while leveraging prevalent methodologies
• Develop high quality deliverables, such as Incident Investigation Reports and Post Incident Reviews
• Continue your professional development to reinforce and expand your chosen career path

About the team

Deloitte's globally recognized Cyber Security practice advises organizations across many industries on how to effectively manage threats, reduce vulnerability, mitigate cyber risks and make informed decisions as they elevate their security programs to address an evolving and increasingly complex threat environment.
Our diverse team of talented and collaborative professionals work closely with each other and clients across the complete range of cyber services including security and compliance assessments, technical assessments, governance, control testing, incident response, awareness training and threat and vulnerability management.

Enough about us, let's talk about you

You are someone who has:

SKILLS:

• Writing and speaking on both technical and business subjects
• Ability to effectively communicate with technical and non-technical stakeholders, including business leadership
• Ability to remain calm under pressure, and help organizations in times of crises
• Strong time management skills
• Self-directed, with the ability to thrive in a fast-paces and dynamic environment
• Strong analytical and problem-solving skills
• At least 4 years of experience working in the digital forensics and incident response field, or a closely adjacent field
• Previous experience in the broader cyber security and technology fields would be considered a strong asset
• Previous consulting firm experience would be considered a strong asset
  

TECHNICAL SKILLS:

• Incident response engagements including ransomware, data breaches, business email compromise, network intrusions, and cloud incidents
• Industry standard digital forensic tools like Magnet Axiom, Encase, XWays, FTK, Velociraptor, Timesketch, Volatility, Plaso/Log2timeline, Eric Zimmerman Tools, hex editors, etc.
• Endpoint Detection & Response (EDR) tools like CrowdStrike Falcon, Carbon Black EDR, Microsoft Defender for Endpoint, Cortext XDR, SentinelOne, etc.
• Evidence acquisition and preservation tools and processes like full disk imaging, memory dumps, and log extraction
• Security monitoring solutions like Splunk, Microsoft Sentinel, Elastic/ELK, ArcSight, FleetDM, CrowdStrike, etc.
• Security Operations Centre (SOC) tools and processes
• Operating systems and file systems (e.g. Windows, Linux, Unix, MacOS, etc.)
• Key cloud providers and services like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud (GCP)
• Log analysis (e.g. Windows Event logs, Linux/Unix logs, firewall and network device logs, cloud system logs, etc.)
• Command line tools (e.g. PowerShell, bash, zsh, grep, sed, awk) and scripting languages (e.g. Python)
• Enterprise IT software and hardware (e.g. workstations, servers, networks, datacentres, etc.)
• Infrastructure like Active Directory, virtual infrastructure (VMWare, Hyper-V, Citrix), and networking (routing, switching, firewalls) would be considered a strong asset
• Security solutions such as firewalls, intrusion detection and prevention systems, network segmentation, email security, endpoint protection, etc. would be considered a strong asset
• Threat intelligence and malware analysis would be considered a strong asset
• Incident response tabletop exercises, and developing incident response plans and playbooks would be considered a strong asset
• Digital forensics and incident response certifications like SANS GIAC GCFA, GCFE, GCIH, GREM, EnCE, CCE, etc. would be considered a strong asset

Total Rewards

The salary range for this position is $83,000 - $125,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.

Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. Some representative examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.