Job Title: T&T | Cyber: D&R I Assistant Manager | Incident Response & Handling | Mumbai

• Job requisition ID: 107667
• Location: Mumbai
• Entity: Deloitte Touche Tohmatsu India LLP
The team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your work profile:
The Incident Response (IR) Analyst is responsible for identifying, investigating, containing, eradicating, and recovering from cybersecurity incidents affecting the Bank's information assets. The role also includes proactive monitoring of Deep Web and Dark Web sources to identify compromised credentials, payment card data, customer information, and other sensitive information related to the Bank, enabling timely risk mitigation and response.
- Monitor and investigate security incidents reported by SOC, threat intelligence platforms, fraud teams, CERT-In, and external agencies.
- Perform incident triage, analysis, containment, eradication, and recovery activities.
- Coordinate with internal stakeholders and technology teams during incident response.
- Conduct forensic evidence collection while maintaining chain of custody.
- Document incidents, root cause analysis, lessons learned, and corrective actions.
- Support post-incident reviews and continuous improvement initiatives.
Continuously monitor Deep Web and Dark Web sources for:
- Employee credentials
- Privileged account credentials
- Customer credentials
- Internet Banking credentials
- Corporate Banking credentials
- VPN and remote access credentials
- Administrative account credentials
- Payment card (credit/debit) information
- BIN-related fraud intelligence
- SWIFT-related intelligence
- ATM/POS compromise indicators
- Customer Personally Identifiable Information (PII)
- Bank domain impersonation
- Phishing kits
- Malware targeting the Bank
- Data leak announcements
- Ransomware victim listings
- Validate discovered information to reduce false positives.
- Assess the business impact and initiate incident response activities where required.
- Coordinate immediate password resets, account monitoring, card blocking, fraud monitoring, and customer notifications when applicable.
- Produce actionable intelligence reports and recommend mitigation measures.
Key Skills required:
- 3-6 years of experience in incident response, IT security, or cybersecurity operations
- Knowledge of the Incident Response lifecycle
- Understanding of phishing attack techniques and email threat analysis
- Familiarity with malware behavior analysis and sandboxing concepts
- Basic knowledge of Windows/Linux systems and endpoint security tools
- Strong analytical, documentation, and communication skills
- Understanding of the Incident Response lifecycle
- Strong knowledge of phishing attack techniques and email security analysis
- Familiarity with malware behavior analysis and sandboxing tools
Working knowledge of networking fundamentals, including:
- TCP/IP, DNS, OSI Model
- Network ports and protocols
- Basic firewall, proxy, and IPS/IDS concepts
- Interpretation of network logs and traffic indicators
- Basic knowledge of Windows/Linux operating systems and endpoint security tools
- Bachelor’s degree in Cybersecurity, Information Security, IT, or Computer Science
- Preferred certifications: CompTIA Security+, EC‑Council CEH (Foundational)
