Cyber Security Incident Response Tech Lead – Digital Forensics

About the role

Deloitte Innovation Hub is seeking a seasoned Cyber Security Incident Response Tech Lead to guide clients through complex cyber incidents, including data leaks, ransomware attacks, and advanced persistent threats. You will lead technical investigations, provide tactical advice, and ensure rapid restoration of business operations.

Key responsibilities

• Execute technical investigations of cyber incidents by analysing log files, Windows event logs, Linux artifacts, and correlating data in EDR, network monitoring tools and SIEM platforms.
• Conduct in‑depth malware analysis, threat‑intelligence research and memory forensics.
• Provide tactical support for triage, containment, eradication and coordination of incident response activities.
• Perform forensic analysis of systems and networks, including compromise assessments and threat‑hunting projects.
• Create custom automation scripts using Python to streamline investigations.

Required profile

• Proven experience leading cyber incident response and digital forensics engagements.
• Strong knowledge of Windows and Linux forensic artifacts.
• Hands‑on expertise with SIEM and EDR tools.
• Ability to analyse malware and interpret threat intelligence.

Required skills

• Splunk
• Microsoft Security Suite
• CrowdStrike Falcon
• SIEM and EDR tooling
• Windows event log analysis
• Linux artifact analysis
• Memory forensics
• Python scripting

What we offer

• Opportunity to work on high‑impact cyber security projects for global clients.
• Access to Deloitte’s extensive learning resources and professional development programs.
• Collaborative environment within the Innovation Hub’s diverse talent pool.