Job Details

ID #53400002
State New York
City New York City
Full-time
Salary USD TBD TBD
Source Deloitte
Showed 2025-02-05
Date 2025-02-05
Deadline 2025-04-06
Category Other

Cyber Defense & Resilience Security Operations Manager

New York, New York City 00000 New York City USA

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security and integrated risk programs have often been unsuccessful in unifying the need to both secure, automate and support technology innovation required by the business.

The team

Deloitte Advisory's Cyber team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated business and cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs. We work across a variety of different risk and compliance programs that extend well beyond Cyber Risk. Learn more about Deloitte Advisory's Cyber Risk Services practice.

Recruiting for this role ends on 05/31/2025.

Work you'll do:

Develop comprehensive strategies for SOCs, including program assessments and roadmaps, leveraging Deloitte's Capability Framework and leading practices.

Support the design and implementation of Security Operations Center (SOC) operating models, identifying, evaluating, and providing solutions for complex business requirements via a threat-based approach.

Deliver assessments and implementations of Next-Gen SIEM platforms, including platform deployment, data source onboarding, content development and tuning, troubleshooting, and triaging complex issues associated with operating Next-Gen SIEM platforms.

Identify cybersecurity, regulatory, and compliance trends, determine their potential impacts on clients, and develop solutions to address impacts across governance, people, processes, and technologies.

Develop and maintain technical and procedural documentation for Next-Gen SIEM and security operations functions (e.g., detection use case testing, analyst runbooks, incident response plans).

Perform Next-Gen SIEM and security operations architecture assessments to identify areas of improvement and provide practical solutions.

Drive detection and automation use case content development and deployment across clients based on client priorities and relevant cyber risks and threats.

Develop and maintain automations to facilitate scalable Next-Gen SIEM platform deployment activities (e.g., data ingestion, parser and data model development, detection use case testing).

Align detection use case development with business needs and with industry-leading standards, best practices and frameworks (e.g., MITRE ATT&CK).

Identify, evaluate, and provide solutions to achieve the objectives set forth in the client's SOC Assessment & Roadmap, including governance models, organizational structures, playbooks, standards, communication plans, and training initiatives.

Leverage technology-based tools or methodologies to review, design and/or implement products and services.

Lead client and stakeholder workshops, interviews, and process walkthroughs to document key takeaways, end-to-end business processes, strategic goals and objectives, and programmatic requirements.

Coordinate across multiple stakeholder groups, manage concurrent projects end-to-end, and serve as the daily point of contact for clients and respective Deloitte delivery teams.

Select and tailor approaches, methods, and tools to support and further enable project delivery.

Build and nurture positive working relationships with clients with the intention to exceed client expectations.

Track and communicate engagement performance and planning to engagement leadership, ensuring project milestones remain on track and are completed as per engagement objectives, and risks are escalated, as required.

Responsible for project(s) financials, including the contribution to financial and staffing plans, identification of opportunities to improve engagement profitability, and timely notification of billing and invoicing for client engagements.

Collaborate with US and US-India Senior Consultants, Consultants and Analysts to ensure the effective delivery of security operations services and capabilities and continuously identify opportunities to upskill team members on processes, governance, and frameworks (e.g., MITRE ATT&CK, NIST 800-53).

Serve as a counselor/coach to staff to provide oversight and support in pursuit of their career goals and objectives and ensure compliance with firm requirements (e.g., utilization, training).

Participate in and lead aspects of the sales lifecycle, including proposal development, request for proposal (RFP) responses, sales pitches, and contract generation (e.g., Statements of Work, Change Orders).

Partner with vendor and alliance stakeholders at Detection and Response industry leaders including CrowdStrike, Google, and Palo Alto Networks to identify opportunities for partnership on strategic initiatives, thought leadership, and client engagements.

Utilize industry-leading practices and technology-based tools or methodologies to build go-to-market accelerators, thought leadership, and solutions that standardize project delivery and solve client challenges.

Qualifications

Required:

5+ years of hands-on experience designing, building, or leading a Security Operations Center and/or Engineering function

Previous consulting or professional services experience

Previous experience leveraging leading technology solutions for security operations, including Security Information & Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Case Management platforms

Extensive experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.

Hands-on experience with at least one Next-Gen SIEM platform (e.g., CrowdStrike Next-Gen SIEM, Palo Alto XSIAM, Microsoft Sentinel, Google SecOps)

Understanding of common network infrastructure devices such as routers and switches

Understanding of basic networking protocols such as TCP/IP, DNS, HTTP

Detailed knowledge in system security architecture and security solutions

Detailed knowledge of data management, transformation, and logging capabilities

Detailed knowledge of detection and automation use case development and customization, including use of user and entity behavior analytics (UEBA), security orchestration automation and response (SOAR), and machine learning (ML) capabilities

Previous security operations experience conducting alert analysis and triage

In-depth knowledge of or background in adjacent security operations capabilities, including detection engineering, attack surface management, vulnerability management, forensics, threat hunting, incident response and recovery, and/or threat intelligence

Proven and demonstrated leadership and team management experience, strong verbal and written communication skills, and interpersonal and organizational skills that enable working with teams across geographical locations

Demonstrated flexibility in prioritizing and completing tasks and working collaboratively with clients and senior-level stakeholders to identify and solve key constraints, risks and issues

Experience leading in and/or supporting pre-sales and sales activities, including proposals, RFPs, and contract generation

Demonstrated experience leveraging Microsoft Office tools, including Microsoft PowerPoint, Microsoft Word, Microsoft Excel, and Microsoft Visio

Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve

Limited immigration sponsorship may be available

Certifications: Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent

Preferred:

Bachelor's degree or equivalent experience

Knowledge of and/or previous experience with: Business Continuity and Disaster Recovery, CMDB/Asset Management, Information Technology, Operational Technology, Insider Risk

Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures

Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.

Experience assisting in and/or responding to and recovering from a cyber incident

Experience with broader cybersecurity strategy development and assessments, including NIST 800-53, MITRE ATT&CK mapping, and/or strategic roadmaps

Strong analytical and problem-solving skills

Self-motivated to improve knowledge and skills

Previous experience directly responding to and recovering from cybersecurity incidents

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $130,815 - $252,450.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.