Senior Consultant, Detect & Respond - Incident Response

Job Type: Permanent
Reference code : 125338
Primary Location: Toronto, Ontario, Canada
All Available Locations: Toronto, ON; Calgary, AB; Edmonton, AB; Ottawa, ON; Vancouver, BC

Our Purpose

At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization.

By living our Purpose, we will make an impact that matters.

• Be encouraged to deepen your technical skills…whatever those may be.
• Partner with clients to solve their most complex problems
• Experience MyFlex and an agile work environment where work is what you do not where you do it

--

What will your typical day look like?

Working in our Cyber Defense & Resilience – Cyber Incident Response practice, you will:
• Work on unique and exciting engagements helping organizations prepare for, respond to, and recover from cyber incidents
• Deliver engagements across a wide variety of clients, industries, technologies, and geographies
• Be part of a national, diverse, collaborative, and performance-driven incident response team
• Investigate large, complex, and high-profile cyber incidents and data breaches
• Lead technical investigations and response activities, and liaise directly with clients
• Lead and participate in technical workshops regarding incident response, network security, vulnerability management, access management, etc.
• Acquire, preserve, and analyze data from a wide variety of devices, including workstations, servers, and cloud systems
• Investigate network intrusions and other data breaches to determine root cause, scope, and impact of the incident
• Assist clients with containment and recovery from cyber incidents
• Deliver incident response engagements following industry standard methodologies like NIST and SANS
• Conduct research to expand your knowledge on the latest security threats and risks, technologies, and standards
• Use, build, and grow an emerging technology stack used to deliver incident response engagements
• Contribute to ongoing practice improvement regarding technology, processes, and structures to deliver incident response engagements
• Develop Incident Response plans, polices, and playbooks to prepare organizations to respond efficiently and effectively to cyber threats
• Support the team in conducting tabletop simulation exercises for Technical and Executive teams
• Assist clients with Post Incident Reviews to help identify opportunities to improve processes and capabilities
• Cultivate relationships with clients and share your knowledge while leveraging prevalent methodologies
• Develop high quality deliverables, such as Incident Investigation Reports and Post Incident Reviews
• Continue your professional development to reinforce and expand your chosen career path

About the team

Deloitte's globally recognized Cyber Security practice advises organizations across many industries on how to effectively manage threats, reduce vulnerability, mitigate cyber risks and make informed decisions as they elevate their security programs to address an evolving and increasingly complex threat environment.
Our diverse team of talented and collaborative professionals work closely with each other and clients across the complete range of cyber services including security and compliance assessments, technical assessments, governance, control testing, incident response, awareness training and threat and vulnerability management.

Enough about us, let’s talk about you

You are someone who has:

SKILLS:

• Writing and speaking on both technical and business subjects
• Ability to effectively communicate with technical and non-technical stakeholders, including business leadership
• Ability to remain calm under pressure, and help organizations in times of crises
• Strong time management skills
• Self-directed, with the ability to thrive in a fast-paces and dynamic environment
• Strong analytical and problem-solving skills
• At least 4 years of experience working in the digital forensics and incident response field, or a closely adjacent field
• Previous experience in the broader cyber security and technology fields would be considered a strong asset
• Previous consulting firm experience would be considered a strong asset
  

TECHNICAL SKILLS:

• Incident response engagements including ransomware, data breaches, business email compromise, network intrusions, and cloud incidents
• Industry standard digital forensic tools like Magnet Axiom, Encase, XWays, FTK, Velociraptor, Timesketch, Volatility, Plaso/Log2timeline, Eric Zimmerman Tools, hex editors, etc.
• Endpoint Detection & Response (EDR) tools like CrowdStrike Falcon, Carbon Black EDR, Microsoft Defender for Endpoint, Cortext XDR, SentinelOne, etc.
• Evidence acquisition and preservation tools and processes like full disk imaging, memory dumps, and log extraction
• Security monitoring solutions like Splunk, Microsoft Sentinel, Elastic/ELK, ArcSight, FleetDM, CrowdStrike, etc.
• Security Operations Centre (SOC) tools and processes
• Operating systems and file systems (e.g. Windows, Linux, Unix, MacOS, etc.)
• Key cloud providers and services like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud (GCP)
• Log analysis (e.g. Windows Event logs, Linux/Unix logs, firewall and network device logs, cloud system logs, etc.)
• Command line tools (e.g. PowerShell, bash, zsh, grep, sed, awk) and scripting languages (e.g. Python)
• Enterprise IT software and hardware (e.g. workstations, servers, networks, datacentres, etc.)
• Infrastructure like Active Directory, virtual infrastructure (VMWare, Hyper-V, Citrix), and networking (routing, switching, firewalls) would be considered a strong asset
• Security solutions such as firewalls, intrusion detection and prevention systems, network segmentation, email security, endpoint protection, etc. would be considered a strong asset
• Threat intelligence and malware analysis would be considered a strong asset
• Incident response tabletop exercises, and developing incident response plans and playbooks would be considered a strong asset
• Digital forensics and incident response certifications like SANS GIAC GCFA, GCFE, GCIH, GREM, EnCE, CCE, etc. would be considered a strong asset

Total Rewards

The salary range for this position is $83,000 - $125,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.

Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. Some representative examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.

Our promise to our people: Deloitte is where potential comes to life.

Be yourself, and more.

We are a group of talented people who want to learn, gain experience, and develop skills. Wherever you are in your career, we want you to advance.

You shape how we make impact.

Diverse perspectives and life experiences make us better. Whoever you are and wherever you’re from, we want you to feel like you belong here. We provide flexible working options to support you and how you can contribute. Be the leader you want to be.

Be the leader you want to be

Some guide teams, some change culture, some build essential expertise. We offer opportunities and experiences that support your continuing growth as a leader.

Have as many careers as you want.

We are uniquely able to offer you new challenges and roles – and prepare you for them. We bring together people with unique experiences and talents, and we are the place to develop a lasting network of friends, peers, and mentors. Our TVP is about relationships – between leaders and their people, the firm and its people, peers, and within in our communities.