Senior Manager, Global Cyber Incident Response

Overview

Birmingham, Bristol, Cardiff, Manchester, Milton Keynes, Reading, St AlbansBusiness Line: Enabling FunctionsJob Type: Permanent / FTCDate published: 11-Sep-202520401Connect to your Industry

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this global environment, we operate to help Deloitte deliver and connect with its clients, communities, and one another in ways not previously conceived.Connect to your career at Deloitte

Deloitte drives progress. Using our vast range of expertise, we help our clients become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers with diverse talents and backgrounds, and empower them to reach for and achieve more.What brings us together at Deloitte? It’s how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Wherever we are in the world, we

lead the way ,

serve with integrity ,

take care of each other ,

fostering inclusion , and

collaborate for measurable impact . These five shared values guide our decisions and actions where it matters most.Connect to your opportunity

Global Cyber Incident Response (GCIR) establishes the structure by which the Deloitte network responds to cybersecurity incidents as a cohesive global response team. This Senior Manager role will lead the Malware Reverse Engineering capability within GCIR. The role requires a proven track record of building and scaling high-performing security teams while delivering cutting-edge threat analysis capabilities. The ideal candidate will combine strategic leadership with hands-on technical mastery, translating complex threat landscapes into actionable business intelligence for C-suite executives while advancing malware research and incident response capabilities.Responsibilities

Team Leadership and StrategyLead and expand a global team of malware reverse engineers, software developers and cloud security architectsImplement operational models to provide 24/7 threat analysis and incident response capabilitiesDevelop comprehensive professional development programs and advanced training curricula for team skill enhancementDrive strategic planning for malware research initiatives and threat intelligence operationsPresent threat landscape assessments and security recommendations to executive leadership and client C-suitesTechnical Leadership and Innovation

Architect and implement next-generation malware analysis automation pipelines integrated with EDR platformsLead development of Infrastructure as Code (IaC) solutions for scalable security operations across AWS, Azure, and Google CloudOversee advanced malware reverse engineering projects targeting APT campaigns, novel threats, and zero-day exploitsDirect software development initiatives creating state-of-the-art detection tools using AI/ML and transformer modelsDesign and deploy sophisticated sandbox environments and deception frameworks for threat researchLead complex incident response engagements for high-profile clients experiencing advanced persistent threatsDevelop automated incident response playbooks and security orchestration workflowsProduce executive-level threat intelligence reports on emerging malware families and APT campaignsCollaborate with detection engineering teams to enhance EDR capabilities and close security gapsSupport large-scale digital forensics investigations and breach response activitiesConnect to your skills and professional experience

Education and Certifications

Bachelor''s degree, or equivalent, in relevant technical field (Master''s degree preferred)Professional security management certification strongly desirable, such as the Certified Information Systems Security Professional (CISSP)Advanced malware analysis certifications (Hex-Rays IDA Pro, SANS SEC595 or equivalent)Technical Expertise

Malware Analysis Mastery: Expert-level proficiency in x86-64 and ARM64 assembly, reverse engineering across PE, ELF, Mach-O formatsAdvanced Tooling: Deep expertise with IDA Pro, Hex-Rays, Ghidra, x64dbg, WinDbg, GDB, and Time Travel DebuggingEvasion Techniques: Proven ability to defeat anti-debugging, anti-VM, and advanced evasion mechanismsDevelopment Skills: Strong programming capabilities in C/C++ and Python for tool development and automationCloud Architecture: Hands-on experience with AWS services (EC2, S3, Lambda, VPC, SQS, SNS, DynamoDB)DevOps and Automation: Proficiency in CI/CD pipelines, Docker, Terraform, CloudFormation, and infrastructure automationLeadership Experience

Relevant experience in cybersecurity including leadership rolesDemonstrated success managing technical teams with multiple direct reportsExperience performing cyber incident response and reverse engineering in large enterprise environmentsProven track record in both on-premises and cloud security operationsSpecialized Skills

Advanced knowledge of APT tactics, techniques, and procedures (TTPs)Experience with rootkit and bootkit analysis, kernel-mode debuggingProficiency in YARA rule development and automated IOC extractionUnderstanding of banking malware, ransomware, and targeted attack methodologiesExperience with threat intelligence platforms and information sharing protocolsPreferred Qualifications

Experience with SMT-based binary program analysis and advanced static analysis techniquesBackground in Windows kernel internals and rootkit detection mechanismsFamiliarity with ARM64 architecture and mobile malware analysisExperience with threat hunting and proactive security operationsPrevious consulting experience with Fortune 500 clientsPublications or speaking engagements in cybersecurity conferencesConnect to your business - Enabling Functions

Collaboration is central to everything we do at Deloitte. From IT to HR, marketing and more, our teams help to support the wider business. Bring your individual skills and specialist knowledge to make a far-reaching impact.Personal independence

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations that may affect personal independence constraints (e.g., certain financial interests and employment relationships). The recruitment team will provide further detail as you progress, or you can contact the Independence team upon request.Connect with your colleagues

Everyone at Deloitte builds relationships with peers and strives to get to know one another to make work more enjoyable.Our hybrid working policy

You’ll be based in one of our UK locations with hybrid working. Depending on the requirements of your role, you’ll have the opportunity to work in your local office, virtual collaboration spaces, client sites, and remotely. You’ll meet face to face when needed to collaborate and learn, while prioritising wellbeing. Please check with your recruiter for specific working requirements that may apply.Our commitment to you

We aim to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. You’ll be supported to grow, with world-class development and opportunities to lead. You’ll never stop growing, whatever your level.Connect to your next step

A career at Deloitte is an opportunity to develop in any direction you choose. You’ll experience purpose and impact, bring your true self to work, and continue growing at every level. Discover more at ..... full job details .....