Join us as a Cyber Risk Senior - Malware Specialist for Incident Response!


The Cyber Risk team wants to meet you!


Are you up for it?


Who we are:


We are Risk Advisory Spain, made up of more than 2,000 professionals that help organizations to make decisions in an intelligent manner, in order to prevent and manage business and operational risks, along with those existing in technological, financial, and non-financial processes.


Do you want to help us fight cyber threats? Risk Advisory is home to our team of Cybersecurity specialists, an environment created with an innovation culture.


Our internal Cyber Security Operations team is growing


The Deloitte Global Cybersecurity function provides internal support to all Member Firms protecting them from cyber threats. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center.


Within the Global Cybersecurity function, the Global Cyber Incident Response Team (GCIR) leads the internal Incident Response tasks.


What are we looking for?


We are looking for an Incident Response Specialist with a focus on malware to join the internal GCIR team.


The Incident Response Specialist (Malware Researcher) reports to the GCIR Senior Manager. Malware analysis lives within the incident responder function of the GCIR group. As a Malware Researcher, you will conduct static and dynamic analysis of malware to extract atomic indicators of compromise, profile malware behavior, and articulate recommendations for mitigating and detecting malware.


  • High level of English since we are an international team working together from across the globe.
  • Minimum of 3 years of experience in security operations or threat intelligence with experience in malware analysis.
  • Understanding of static and dynamic malware analysis tools and techniques, to include:
    • Debugging
    • Disassemblers
    • Reverse Engineering
  • Working knowledge of Assembly, C and/or C++, & Python.
  • Working knowledge of IDA Pro or similar debugging tool.
  • Experience working with commonly used malware sandboxes.
  • Experience analyzing packet capture files.


  • Other preferred skills:
    • Good understanding of memory forensics, exploits, & attacks.
    • Good understanding of open source penetration testing tools.
    • Good understanding of Windows internals.
    • Understanding of cyber threats and how intelligence is used by security appliances and operators.
    • Understanding of host and network forensic artifacts and indicators of compromise.
    • Good understanding of intelligence sharing formats and working with IOC & IOA in their different exchange formats.
    • Familiarity with command shell scripting languages.
    • Experience working in information technology / cyber security for a large, complex enterprise and collaborating across teams.


  • Preferred experience on the technologies (not mandatory):
    • Familiarity with EDR tools such as CrowdStrike, Cylance or MS ATP.
    • Familiarity with Splunk & ServiceNow.
    • Familiarity with Google Cloud, Azure or AWS.
    • Familiarity with UNIX/Linux.
    • Familiarity with Threat Intelligence Platform software such as Anomali or ThreatConnect.
    • Familiarity with Maltego or Avalon.


  • Education and certifications:
    • Bachelor’s degree: a technology-related field, higher education in technology or equivalent education-related experience
    • Optional certifications:
      • SANS GREM Certification.
      • EC Council CHFI or CEH.
      • Offensive Security OSCP.



Your daily tasks will include...


  • Provide technical support needed for cyber incident response investigations, including containment, eradication and remediation activities, with a focus on malware analysis.
  • Provide Global Cyber Incident Response leadership recommendations focused on malware-related aspects of the incident response process within the Deloitte internal network and assets.
  • Perform technical research into advanced malware, targeted attacks, crimeware campaigns, and other emerging technologies and techniques to identify and report on cyber-attacks and attackers.
  • Conduct technical evaluations of new or emerging cyber threats, such as attack tools, TTP, exploits, malware, etc., and how they are used in conjunction with crime.
  • Discover and investigate malicious activities in order to determine various tactics such as exploitation methods, and effects on systems and information.
  • Provide awareness and contribute to the research efforts on malware and TTP trends done by the Threat Intelligence Team.
  • Collaborate with other technical teams within Deloitte to improve the security platforms (such as EDR, SIEM, etc.) used in daily operations to detect and respond to threats.
  • Co-develop and help manage technical capabilities including EDR, SIEM, UEBA and other security platforms used on daily operations in partnership with.


What Deloitte offers:


Being part of a team that is leading the technological revolution. High commitment to our clients and to society. Diversity, integrity, and generosity as some of our core values.


We help our employees to develop their careers and foster excellence among our professionals by offering:


  • Personalized continuous career and training plans.
  • The opportunity to develop skills in leading and innovative projects with key companies.
  • Flexibility.
  • The opportunity to participate in Social Action Programs and cultural activities.
  • Health and sport: medical insurance, physiotherapy and medical services in the office, runners club, etc.


Keen to grow personally and professionally with us? Click on apply and let’s grow together! 


What impact will you make?



All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Location: Madrid
Position Type: Experienced Professionals
Service Line: Risk
Req Id: 18776