Cyber Incident Response Specialist Senior (57875)
- Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.
- Assist clients in identifying and remediating gaps as identified throughout the investigation
- Provide clients guidance and advice in regard to cyber incidents, forensics, and incident response
- Document findings and create well written reports
Deloitte Cyber Risk team is the "boots on the ground" that manages and responds to live incidents, using their skills in digital forensics, incident response, IT security, and incident handling. We are expected to be and treated as subject matter specialists in our field. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice.
- 5+ years of information security experience in one or more of the following areas: IT security, incident handling and response, exploit analysis, network intelligence gathering, vulnerability management, digital forensics methods and procedures
- Must have Linux/Unix technical experience including creation and modification, administration, troubleshooting, and/or forensic and Incident Response experience
- Actual technical skills. Should be able to conduct an investigation from start to finish given a wide variety of available tools and resources.
- 2+ years of experience with at least two of the following tools: X-ways Forensics, Forensic Explorer, EnCase Forensic, EnCase Enterprise, AccessData FTK, Volatility, SANS SIFT, Carbon Black, Internet Evidence Finder/Axiom
- Familiarity with threat intelligence and applied use within incident response and forensic investigations
- Experience with malware analysis and understanding attack techniques
- Experience interpreting, searching, and manipulating data within enterprise logging solutions
- Experience working with network, host, and user activity data, and identifying anomalies
- BA/BS in computer science, management information systems or related field or significant industry experience required.
- CISSP, CISM, EnCE, CEH, GCFA, GCFE, or GCIH certification required.
- Ability to demonstrate an investigative mindset. Not just being able to execute a task, but also being able to understand the reason for that task, and determine next steps depending on the results while maintaining a firm grasp of the overall goals of the entire process.
- Outstanding written and oral communication skills and the ability to prioritize work
- The ability to be a strong team player and working well with others
- Demonstrable personal interest in computing, security, and digital communications
- Travel up to 20% (While 20% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.