Position summary

Cyber Risk – Managed Threat Services SIEM Engineer – L3

Are you interested in improving the cyber risk protection of leading companies? If your response is yes, consider joining Deloitte & Touche LLP’s growing Cyber Risk Vigilant Fusion Center. Our Fusion Center analysts and engineers assist our clients with identifying unauthorized activities and intrusions in their networks in real time.
Work you’ll do

The Managed Threat Services Engineer position supports the Security Operations Center (SOC) as an advanced escalation point identifying and addressing potential information security incidents. This role is also responsible for supporting architecture changes, tool deployments and advanced content development:

§ Onboard advanced data sources, create new custom parsers, and perform SIEM architecture assessments and design reviews
§ Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs)
§ Keep abreast of the latest IT security, regulatory and compliance trends to support, compare and contrast analysis across various risk models, and understand how to apply this knowledge to the SOC
§ Deliver advisory support and education relating to the SIEM to other technology personnel and to technology management
§ Assist in Use Case Roadmap development for the client and update Use Cases in the UC Repository
§ Advanced Use Case development (Use Cases from the Roadmap as well as hunting-related UCs)
§ Help structure our content development pipelines across clients based on the maturity of the client environments as well as the latest trends in security
§ Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements
§ Develop scripts to simplify data collection and other laborious tasks that are necessary throughout onboarding of log sources
§ Quality review for HLUC, TUC, UC Testing, Parser, Runbooks and other technical documents
§ Submit documentation through the QRM process
§ 24/7 on-call support (as needed)
§ Be the central POC for all escalations
§ Manage and provide knowledge transfer to Junior Cyber Security Engineers
§ Coordinate with various technical groups and attend in-person client meetings
§ Build a relationship with the client counterpart (i.e. Lead Security Engineer on the client side)
§ Participate in rotation with the Analysts and SOC Operations Lead as part of training

Travel requirement: Less than 10%
Location requirement: Work can be done remotely from any location in the US.

The team

Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs.
Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.

Qualifications

Required:

§ In-depth experience with the following technologies: leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness, LogRhythm or Splunk; IDS/IPS; network- and host-based firewalls; data leakage protection (DLP); DAM (Database activity monitoring); User and Network Behavior Analytics; End Point Solutions; and third-party monitoring tools such as Nagios, WhatsUp Gold or SolarWinds
§ Five plus years of information security related experience, in areas such as: security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, intrusion detection
§ Must have been in a Level 2 Engineer role for at least two years
§ Understanding of Python or other scripting languages, the TCP/IP stack, and UNIX/Linux environments
§ CISSP
§ Strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends, and techniques
§ Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT
§ Experience with Intrusion Detection Systems, Firewalls, Proxy Servers, Antivirus, NAC, or other network security infrastructure
§ Ability to analyze complex issues for impact and alternative solutions, making logical decisions based on client objectives
§ In-depth hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, router/switch management, firewall management, SAN/NAS, web servers, IAM/AAA, IDS/HIDS, system vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or secure coding
§ In-depth understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
§ Proven SOC process knowledge
§ Advanced knowledge in system security architecture and security solutions

Preferred:

§ MS in Computer Science or Information Management desirable, or equivalent work experience
§ Excellent interpersonal and organizational skills
§ Excellent oral and written communication skills
§ Self-motivated to improve knowledge and skills
§ Detail oriented
§ A strong desire to understand the what as well as the why and the how of security incidents
§ Works well both in a team environment and independently
§ A desire to lead a team and assist and mentor others

As used in this posting, “Deloitte Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services.
Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm.
Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
These entities are separate subsidiaries of Deloitte LLP.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws.
See notices of various ban-the-box laws where available.
Requisition code: E20NATEA8SS402MTS