Assistant Manager (T1) – NSE Cyber Security Incident Response Analyst - Deloitte Support Services India Private Limited
Organisation Summary
At Deloitte, we’re all about collaboration. And nowhere is this more apparent than among our 2,000-strong internal services team. With our combined specialist skills, we provide all the essential support and advice our client-facing colleagues need, right across the firm. This enables them to focus all their efforts on delivering the best service possible to their clients. Covering seven distinct areas; Human Resources, Clients & Industries, Finance & Legal, Practice Support Services, Quality & Risk Services, IT Services, and Workplace Services & Real Estate, together we live, breathe and deliver the Deloitte experience.
Role description
The NSE Cyber Security Incident Response Analyst is a member of the NSE Cyber Incident Response team and is responsible for providing Cyber Incident response expertise across North South Europe (NSE) at Deloitte.
You will report to the NSE Head of Cyber Incident Response, the role provides support for a range of operational security activities including cyber incident analysis, remediation support and detailed investigation at Deloitte.
Location: Hyderabad
Work shift Timings: 01:00 PM to 10:00 PM/ 2:00 PM – 11:00 PM (IST)
Out of Hours On-Call support Rota (roughly 1 week in 5)
Role Requirement
- Experience in Information Security / Cybersecurity
- Excellent written and verbal communication skills, sociable and collaborative skills, and the ability to communicate cyber security topics and concepts to technical and nontechnical audiences at various hierarchical levels
- Possess strong organizational skills to facilitate management and tracking of large numbers of incidents, events, and associated tasks.
- Demonstrated knowledge of the incident lifecycle and security operations, working knowledge of triage and analysis tools, and a strong understanding of cybersecurity threats
- Demonstrated knowledge of incident response casework, including maintaining case information, chain of custody reporting, and full documentation of issues from identification through remediation
- Proven track record and experience of the following in a highly complex and global organization
- Strong problem solving and troubleshooting skills with experience exercising mature judgement.
- Excellent teamwork and sociable skills
- Strong willingness to learn and work outside of knowledge comfort zone.
- Professional security management certification is desirable but not a requirement for the role.
- Operational knowledge of several preventive and detective security controls (knowledge of ALL these areas is NOT required) e.g. firewalls, advanced endpoint solutions, Data Loss Prevention (DLP), web security solutions, email gateways, Security Information and Event Management (SIEM)
- Foundational knowledge of several general IT technologies and concepts (knowledge of ALL these areas is NOT required) e.g. routers, switches, messaging systems, server operating systems (Windows, Linux), desktop operating systems (Windows, macOS), cloud services and architecture, vulnerability management.
- Experience recording and maintaining incident documentation within a ticketing system.
- Ability to quickly analyse large amounts of information and formulate action plans based on that analysis.
Roles and Responsibilities
- In charge of the NSE Cyber Security Operations Incident Ticket queue, handling and resolving Cyber Security Incident Tickets
- Supports the NSE Cyber Security Senior Analyst in day-to-day activities.
- Provides technical services needed for cyber incident response investigations including, containment, eradication and remediation activities.
- Assists with assessing scope of incident damage.
- Assists in determination of incident severity.
- Maintaining documentation throughout a cyber incident
- Assists in the drafting of post-incident reports to senior leadership to convey impact, origin, root cause, and remediation.
- Provides direct guidance and oversight to Service Management during an Incident Response if required.
- Participation in Threat Hunting and Threat Intelligence activities.
- Provide technical support and guidance on windows autopilot issues and best practices.
Qualifications
· Bachelor of Engineering/ Bachelor of Technology
· 6+ years’ experience in a similar role and Enterprise organisation
Tools and Technologies:
· Splunk (Foundation skills)
· Microsoft Defender
· Crowdstrike
· ServiceNow
Technical Skills/ certifications:
· CompTIA S+
· CISMP
· Cloud certifications (Azure/AWS/GCP)
Technical Certifications (Good to have)
· ITIL V4 Foundation/ Advance