Senior Consultant, Detect & Respond - Incident Response

Senior Consultant, Detect & Respond - Incident Response Apply now » Apply now Start applying with LinkedIn Apply Now Start Please wait... Apply now × Apply for Job × × × Enter your email to apply Date: Oct 19, 2024 Location: Toronto, Ontario, Canada Company: Deloitte Job Type: Permanent Reference code : 125338 Primary Location: Toronto, Ontario, Canada All Available Locations: Toronto, ON; Calgary, AB; Edmonton, AB; Ottawa, ON; Vancouver, BC Our Purpose At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization. By living our Purpose, we will make an impact that matters. Be encouraged to deepen your technical skills…whatever those may be. Partner with clients to solve their most complex problems Experience MyFlex and an agile work environment where work is what you do not where you do it -- What will your typical day look like? Working in our Cyber Defense & Resilience - Cyber Incident Response practice, you will: • Work on unique and exciting engagements helping organizations prepare for, respond to, and recover from cyber incidents • Deliver engagements across a wide variety of clients, industries, technologies, and geographies • Be part of a national, diverse, collaborative, and performance-driven incident response team • Investigate large, complex, and high-profile cyber incidents and data breaches • Lead technical investigations and response activities, and liaise directly with clients • Lead and participate in technical workshops regarding incident response, network security, vulnerability management, access management, etc. • Acquire, preserve, and analyze data from a wide variety of devices, including workstations, servers, and cloud systems • Investigate network intrusions and other data breaches to determine root cause, scope, and impact of the incident • Assist clients with containment and recovery from cyber incidents • Deliver incident response engagements following industry standard methodologies like NIST and SANS • Conduct research to expand your knowledge on the latest security threats and risks, technologies, and standards • Use, build, and grow an emerging technology stack used to deliver incident response engagements • Contribute to ongoing practice improvement regarding technology, processes, and structures to deliver incident response engagements • Develop Incident Response plans, polices, and playbooks to prepare organizations to respond efficiently and effectively to cyber threats • Support the team in conducting tabletop simulation exercises for Technical and Executive teams • Assist clients with Post Incident Reviews to help identify opportunities to improve processes and capabilities • Cultivate relationships with clients and share your knowledge while leveraging prevalent methodologies • Develop high quality deliverables, such as Incident Investigation Reports and Post Incident Reviews • Continue your professional development to reinforce and expand your chosen career path About the team Deloitte's globally recognized Cyber Security practice advises organizations across many industries on how to effectively manage threats, reduce vulnerability, mitigate cyber risks and make informed decisions as they elevate their security programs to address an evolving and increasingly complex threat environment. Our diverse team of talented and collaborative professionals work closely with each other and clients across the complete range of cyber services including security and compliance assessments, technical assessments, governance, control testing, incident response, awareness training and threat and vulnerability management. Enough about us, let’s talk about you You are someone who has: SKILLS: Writing and speaking on both technical and business subjects Ability to effectively communicate with technical and non-technical stakeholders, including business leadership Ability to remain calm under pressure, and help organizations in times of crises Strong time management skills Self-directed, with the ability to thrive in a fast-paces and dynamic environment Strong analytical and problem-solving skills At least 4 years of experience working in the digital forensics and incident response field, or a closely adjacent field Previous experience in the broader cyber security and technology fields would be considered a strong asset Previous consulting firm experience would be considered a strong asset TECHNICAL SKILLS: Incident response engagements including ransomware, data breaches, business email compromise, network intrusions, and cloud incidents Industry standard digital forensic tools like Magnet Axiom, Encase, XWays, FTK, Velociraptor, Timesketch, Volatility, Plaso/Log2timeline, Eric Zimmerman Tools, hex editors, etc. Endpoint Detection & Response (EDR) tools like CrowdStrike Falcon, Carbon Black EDR, Microsoft Defender for Endpoint, Cortext XDR, SentinelOne, etc. Evidence acquisition and preservation tools and processes like full disk imaging, memory dumps, and log extraction Security monitoring solutions like Splunk, Microsoft Sentinel, Elastic/ELK, ArcSight, FleetDM, CrowdStrike, etc. Security Operations Centre (SOC) tools and processes Operating systems and file systems (e.g. Windows, Linux, Unix, MacOS, etc.) Key cloud providers and services like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud (GCP) Log analysis (e.g. Windows Event logs, Linux/Unix logs, firewall and network device logs, cloud system logs, etc.) Command line tools (e.g. PowerShell, bash, zsh, grep, sed, awk) and scripting languages (e.g. Python) Enterprise IT software and hardware (e.g. workstations, servers, networks, datacentres, etc.) Infrastructure like Active Directory, virtual infrastructure (VMWare, Hyper-V, Citrix), and networking (routing, switching, firewalls) would be considered a strong asset Security solutions such as firewalls, intrusion detection and prevention systems, network segmentation, email security, endpoint protection, etc. would be considered a strong asset Threat intelligence and malware analysis would be considered a strong asset Incident response tabletop exercises, and developing incident response plans and playbooks would be considered a strong asset Digital forensics and incident response certifications like SANS GIAC GCFA, GCFE, GCIH, GREM, EnCE, CCE, etc. would be considered a strong asset Total Rewards The salary range for this position is $83,000 - $125,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver. Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. Some representative examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure. Our promise to our people: Deloitte is where potential comes to life. Be yourself, and more. We are a group of talented people who want to learn, gain experience, and develop skills. Wherever you are in your career, we want you to advance. You shape how we make impact. Diverse perspectives and life experiences make us better. Whoever you are and wherever you’re from, we want you to feel like you belong here. We provide flexible working options to support you and how you can contribute. Be the leader you want to be. Be the leader you want to be Some guide teams, some change culture, some build essential expertise. We offer opportunities and experiences that support your continuing growth as a leader. Have as many careers as you want. We are uniquely able to offer you new challenges and roles - and prepare you for them. We bring together people with unique experiences and talents, and we are the place to develop a lasting network of friends, peers, and mentors. Our TVP is about relationships - between leaders and their people, the firm and its people, peers, and within in our communities. The next step is yours At Deloitte, we are all about doing business inclusively - that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan , Reconciliation Action Plan and the BlackNorth Initiative . We encourage you to connect with us at [email protected] if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations). We’d love to hear from you! By applying to this job you will be assessed against the Deloitte Global Talent Standards. We’ve designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally. Deloitte Canada has 30 offices with representation across most of the country. We acknowledge our offices reside on traditional, treaty and unceded territories as part of Turtle Island and is still home to many First Nations, Métis, and Inuit peoples. We are all Treaty people. Job Segment: Computer Forensics, Cyber Security, Cloud, Linux, Unix, Security, Technology Apply now » Apply now Start applying with LinkedIn Apply Now Start Please wait... Apply now × Apply for Job × × × Enter your email to apply