Cyber Incident Response Manager

Cyber Security Cyber Risk Posted: 07-Sep-2022

Same job available in 23 locations

Alexandria, Virginia, United States

Arlington, Virginia, United States

Atlanta, Georgia, United States

Austin, Texas, United States

Charlotte, North Carolina, United States

Cincinnati, Ohio, United States

Cleveland, Ohio, United States

Columbus, Ohio, United States

Dallas, Texas, United States

Detroit, Michigan, United States

Hermitage, Tennessee, United States

Houston, Texas, United States

Kansas City, Missouri, United States

Mclean, Virginia, United States

Miami, Florida, United States

Nashville, Tennessee, United States

Orlando, Florida, United States

Raleigh, North Carolina, United States

Richmond, Virginia, United States

Rosslyn, Virginia, United States

San Antonio, Texas, United States

Tampa, Florida, United States

Washington Dc, Virginia, United States

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

Work you’ll do:
The Malware Researcher Manager reports to the GCIR Manager. Malware analysis lives within the incident responder function of the GCIR group. As a Malware Researcher, you will conduct static and dynamic analysis of malware to extract atomic indicators of compromise, profile malware behavior, and articulate recommendations for mitigating and detecting malware. The right candidate is a self-starter with excellent technical skills to perform duties such as, but not limited to, researching and classifying malware, exploring malware distribution techniques such as exploit kits and phishing/spam campaigns, tracking and investigating botnets, researching broad and targeted attacks, developing scripts and tools on-the-fly to support research activities, conduct independent research into crimeware and advanced attacks, and create reports. Other Responsibilities include to:
  • Perform technical research into advanced malware, targeted attacks, crimeware campaigns, and other emerging technologies and techniques to identify and report on cyber-attacks and attackers
  • Perform proactive research to identify, categorize and produce reports on new and existing threats
  • Correlate information with additional data sources to develop a comprehensive operational picture of malicious actors, and their tactics, techniques, and procedures
  • Conduct technical evaluations of new or emerging cyber threats, such as attack tools, exploits, malware, etc, and how they are used in conjunction with crime
  • Discover and investigate malicious activities in order to determine various tactics such as exploitation methods, and effects on systems and information
  • Provide awareness to internal analysis and collections teams on changes to the cyber threat landscape and criminal activities
  • Co-develop and help manage technical capabilities needed to enhance new sources of intelligence collection in partnership with engineering, analysis, and collections teams
  • Contribute research to reporting on current and emerging threats and establish relationships between the research team and external entities such as law enforcement agencies and vendors.
  • Provides technical services needed forcyber incident responseinvestigations including, containment, eradication and remediation activities
  • Assists with assessing scope of the incidentdamage
  • Assists in determination of incident severity
  • Assists with maintaining documentation throughouta cyberincident
  • Assist in the drafting ofpost-incident reports to senior leadership to convey impact, origin, root cause, and remediation
  • Perform incident response services including, but not limiting to, collection, documentation, preservation and analysis of incident evidence

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.


Bachelor’s degree: a technology-related field, or equivalent education-related experience
  • Minimum of 5-10 years of experience in security operations or threat intelligence with at least 5 of those years of experience in malware analysis
  • Understanding of host and network forensic artifacts and indicators of compromise
  • Understanding of cyber threats and how intelligence is used by security appliances and operators
  • Understanding of static and dynamic malware analysis tools and techniques, to include:
    • Debugging
    • Disassemblers
    • Reverse Engineering
  • Working knowledge of Assembly, C and/or C++, Python, JSON, and Visual Basic
  • Experience working with commonly-used malware sandboxes
  • Experience analyzing packet capture files with tools such as Wireshark
  • Deep understanding of open source penetration testing tools and experience writing Yara rules
  • Familiarity with PowerShell and other command shell scripting languages
  • Experience working in information technology / cyber security for a large, complex enterprise and collaborating across teams
  • SANS GREM Certification
  • Experience writing Snort signatures
  • Familiarity with EDR tools such as Tanium or Cylance
  • Familiarity with Splunk & ServiceNow
  • Familiarity with Azure & AWS
  • Historical knowledge of major cyber threat actors and their malware families
  • Familiarity with Threat Intelligence Platform software such as ThreatConnect or Anomali
  • Familiarity with Avalon

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.