Manager - Incident Response and Cyber Defence

Date:  15 Oct 2024
Location: Sydney, NSW, AU; Melbourne, VIC, AU

Department:  Enabling Areas
Description:

Job Requisition ID: 36349

  • Learn from the best in the business
  • Mentoring, growth and training – receive support and coaching to progress your career
  • Preventive and supportive mental health initiatives

About the Role

The Manager – Incident Response and Cyber Defence will play a key operational role in supporting the Head of Cyber Defence, focusing on incident detection, response, and containment. This individual will oversee SOC operations, ensure SIEM alerts are properly managed, and lead efforts to respond to critical cyber incidents. They will also handle IOCs and threat intelligence, working proactively to prevent security breaches. The Manager will act as a key escalation point for cyber incidents and provide leadership in threat detection, ensuring seamless security operations. With the potential to grow into a second-in-command (2IC) role, this position offers an opportunity for long-term leadership development.

Key Responsibilities

Incident Response & Cyber Resilience:

  • Lead the response to cyber incidents, ensuring rapid mitigation, containment, and resolution.
  • Maintain and execute the organization’s Incident Response Plan (IRP) with alignment to regulatory requirements and business goals.
  • Oversee post-incident reviews to identify gaps, implement improvements, and update the IRP accordingly.
  • Manage coordination with external response partners and regulators when necessary during significant incidents.
  • Regularly conduct tabletop exercises and simulations to test the organization’s preparedness and refine response processes.

SOC & Threat Detection:

  • Manage the Security Operations Centre (SOC) to ensure 24/7 monitoring and effective incident handling.
  • Oversee the tuning of SIEM platforms, IDS/IPS, and other monitoring tools to optimize detection accuracy and reduce false positives.
  • Ensure critical vulnerabilities generating alerts in the SIEM are properly identified, escalated, and responded to promptly.
  • Coordinate the response to Indicators of Compromise (IOCs), leveraging intelligence sources to contain and prevent incidents.
  • Monitor SOC metrics and incident trends to identify areas for operational improvement.

Threat Intelligence & IOC Handling:

  • Collaborate with threat intelligence teams to incorporate actionable intelligence into detection and response efforts.
  • Manage IOC handling by ensuring timely responses to new threat indicators and their integration into detection tools.
  • Lead proactive threat hunting efforts within the SOC to identify potential threats before they materialize.
  • Stay updated on emerging threat landscapes and ensure response strategies adapt to new vulnerabilities and attack vectors.

Leadership & Operational Support:

  • Act as a key partner to the Head of Cyber Defence, supporting strategic initiatives and taking on operational leadership when required.
  • Serve as the primary escalation point for complex incidents and operational challenges, including weekend support for critical systems (e.g., firewalls).
  • Provide mentorship and guidance to SOC analysts and incident responders, ensuring continuous skill development within the team.
  • Collaborate with IT, legal, compliance, and business units to align security response efforts with operational priorities.

Continuous Improvement & Future 2IC Potential:

  • Partner with the Head of Cyber Defence to assess and refine incident response processes and SOC operations continuously.
  • Identify areas for optimization and automation within incident response workflows.
  • Take on additional leadership responsibilities to develop into a second-in-command (2IC) role over time, supporting the head of function in strategic and operational capacities.
  • Play an active role in the design and execution of defensive strategies to align with evolving threats and best practices.

About the team
Join Deloitte’s Cyber Defence team, a crucial part of our organisation, dedicated to protecting our diverse business portfolio and its 13,000 users. Our team operates in four core areas:

  • Cyber GRC (Govern and Support)
  • Cyber Assurance (Design & Deploy)
  • Cyber Operations (Operate & Maintain)
  • Cyber Defence (Protect & Defend)

Enough about us, let’s talk about you.
You are someone with:

Required:

  • 5+ years of experience in cybersecurity, with a focus on incident response, SOC and threat detection.
  • Proven experience in handling cyber incidents in complex enterprise environments, including managing escalations.
  • Strong operational background in SOC including familiarity with SIEM platforms and response tools.
  • Expertise in incident response frameworks (e.g., NIST, MITRE ATT&CK, Cyber Kill Chain).
  • Experience with SIEM platforms (e.g., Splunk, ArcSight, QRadar) and optimizing detection rules.
  • Strong knowledge of IDS/IPS, IOCs, and proactive threat hunting methodologies.
  • Familiarity with cloud security monitoring (AWS, Azure, GCP) is a plus.

Preferred:

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Operations Certified (GSOC)

Why Deloitte?

At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion, so that our work environment is a safe space where we can all belong.

We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team and personal commitments.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and a return-to-work support package.

Next Steps
Sound like the sort of role for you? Apply now.

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.