Job Title: T&T-Cyber-D&R | Incident Response & Handling | Deputy Manager | Delhi

Job requisition ID: 102993
Date: Apr 30, 2026
Location: Delhi
Designation: Deputy Manager
Entity: Deloitte Touche Tohmatsu India LLP


The Team.

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient: not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Your work profile

·      Lead end-to-end incident response activities including triage, scoping, containment, eradication, recovery support, and post-incident review.

·      Investigate incidents using multiple evidence sources such as EDR telemetry, SIEM alerts, Windows event logs, Sysmon, identity logs, cloud audit logs, network telemetry, mailbox artefacts, and SaaS evidence.

·      Rapidly determine the source, impact, and scope of a security incident and recommend appropriate containment and mitigation actions.

·      Drive investigations into credential compromise, phishing-led intrusions, lateral movement, insider activity, privilege abuse, ransomware precursors, and persistence mechanisms.

·      Build incident timelines, case notes, decision logs, and structured evidence trails to support technical investigations and leadership reporting.

·      Lead or support incident bridge calls, stakeholder updates, and client-facing breach communications during active response situations.

·      Collaborate with SOC, engineering, identity, and infrastructure teams to improve investigative workflows, response procedures, and playbooks.

·      Deliver tabletop IR assessments, real-life IR simulations, and after-action reviews for technical and executive audiences.

·      Contribute to root cause analysis, lessons learned, and resilience improvement recommendations following major incidents.

·      Mentor junior responders and act as a technical escalation point for complex or high-severity investigations.


Key Skills Required

·      Overall experience of at least 6 years in cyber security with strong hands-on exposure to incident response, incident management, and breach investigations.

·      Experience handling live incidents with ownership across triage, containment, remediation support, root cause analysis, and reporting.

·      Strong knowledge of Windows, Active Directory, DNS, Linux, networking, and enterprise identity investigations.

·      Hands-on experience with SIEM tools such as QRadar, Sentinel, or equivalent, and EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, or equivalent.

·      Strong understanding of the MITRE ATT&CK framework, the Cyber Kill Chain, attacker tradecraft, and adversary-focused investigation methods.

·      Experience using evidence sources beyond dashboards, including endpoint artefacts, identity logs, cloud logs, network evidence, and mailbox review.

·      Familiarity with SOAR technologies, playbooks, case management workflows, and ITSM tools for incident management.

·      Ability to work in time-sensitive and stressful situations with professionalism, structured communication, and sound containment judgment.

·      Bachelor’s / Master’s Degree

·      Certifications like GCIH, GCFA, ECIH v2, CHFI, GCIA, SC-200, or equivalent are preferred.

·      Strong English verbal, written communication, report writing, and presentation skills.

·      Ability to multitask and prioritise work effectively during crisis situations.

·      Responsive to challenging tasking and capable of operating in a fast-paced environment.

·      Highly motivated self-starter with strong analytical skills and attention to detail.

·      Capable of client handling, executive communication, and structured incident documentation.