Job Title:  T&T I Cyber-D&R I Assistant Manager | Incident Response & Handling | Mumbai

Job requisition ID ::  103020
Date:  Apr 30, 2026
Location:  Mumbai
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

The team 
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Your Work Profile  
• Detect, triage, investigate, and respond to security incidents across client environments in accordance with defined SLAs.

• Analyze alerts and events from a wide range of data sources: Firewalls, IDS/IPS, Proxy, AD, EDR, DLP, etc.  

• Execute end-to-end incident response including detection, containment, eradication, recovery, and lessons learned.  

• Conduct root cause analysis and forensic investigations on affected systems.  

• Leverage tools such as EDR, SIEM, and SOAR to automate and accelerate response efforts.  

• Develop, improve, and document incident response processes and playbooks.  

• Deliver comprehensive incident reports to internal and external stakeholders, including executive briefings.  

• Monitor log sources/data sources health and coordinate with engineering to maintain optimal visibility.  

• Facilitate tabletop exercises, real-time simulations, and post-incident reviews.  

• Support threat hunting initiatives by analyzing network traffic, endpoint behavior, and threat intelligence.  

• Assist in malware analysis and reverse engineering efforts as needed.  

• Track incident response metrics and contribute to continuous improvement of detection and response capabilities.  

• Collaborate with cross-functional teams including SOC analysts, IT operations, and business stakeholders.
Key Skills required:  
  • 4-7 years of Information Security experience, with at least 4 years of Incident Response experience.
  • Core Incident Response Knowledge: Deep understanding of the incident response lifecycle, cyber kill chain, and MITRE ATT&CK framework.  
  • SIEM Platforms: Strong experience with QRadar, Microsoft Sentinel, and other SIEM tools. 
  • SOAR Tools: Proficiency in tools like Cortex XSOAR, Splunk Phantom, and Demisto for orchestrating response. 
  • EDR Technologies: Hands-on experience with tools like CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, etc.  
  • Log Analysis: Ability to interpret raw logs and perform correlation across diverse systems (network, endpoint, applications). 
  • Digital Forensics: Experience with EnCase, FTK, or other forensics toolsets; able to perform memory, disk, and network forensics.  
  • Malware Analysis: Strong understanding of malware behavior, obfuscation techniques, and basic reverse engineering.  
  • Process Orientation: Ability to document, optimize, and maintain response processes and runbooks. 
  • ITSM Tools: Familiarity with ITSM platforms (e.g., ServiceNow) for managing incidents and workflows.  
  • Experience delivering IR services to large enterprise or MSSP environments.  
  • Familiarity with cloud environments (Azure, AWS, GCP) and cloud security practices.  
  • Education: Bachelor’s degree in Information Security, Computer Science, or a related field. A master’s degree in business management is preferred.