Security Event Monitoring Shift Manager
Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Touche Tohmatsu Limited (DTTL) Global supports our network of national member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.
The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing, and securing critical infrastructure and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of cybersecurity services to Deloitte member firms through regional delivery hubs and a Global Fusion Center. We are seeking an APAC Shift Manager to join the team.
The Shift Manager reports to the Event Monitoring (EM) Service Delivery Manager within their region. The role focuses on providing Event Monitoring services for the Regional Security Operations Center (SOC) and serves as an advanced escalation point addressing potential information security incidents. The Shift Manager also serves as a mentor for multiple Event Monitoring technologies.
Responsibilities
As part of the Global Cybersecurity team, this professional:
Strategic
- Document and report changes, trends and implications concerning the design and integration of evolving systems and solutions.
- Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity.
- When necessary, devise and document new procedures.
Operational
- Follow detailed operational processes and procedures to analyze threat alerts, determine impact, escalate to the Incident Response team as needed, support the remediation of critical information security incidents, and perform advanced network and host analysis.
- Handle incident escalations as necessary from other analysts.
- Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up activity status.
- Responsible for identifying training needs for the junior analysts.
- Remain current on cyber security trends and intelligence (open source and commercial) to guide the security analysis & identification capabilities of the team.
- Maintain in-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
- Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring.
- Ensure that all identified events are validated promptly and thoroughly investigated.
- Oversee documentation owned by the SOC team, including but not limited to Standard Operating Procedures (SOPs) and Operational Level Agreements (OLAs).
- Identify automation opportunities and leverage SOAR/automation tools to orchestrate and automate triage, investigation, and response activities.
- Identify potential security risks and vulnerabilities and implement measures to mitigate them. Assess and prioritize security risks.
- Report progress and escalate in a timely manner to the APAC Service Delivery Manager.
- Provide oversight and guidance to Tier 2 and Tier 1 Analysts to monitor, detect, analyze, remediate, and report on cybersecurity events and incidents.
- Coordinate with the Security Tool specialists to implement new or enhanced content.
- Collaborate with cross-functional teams, IT, and senior management to communicate security threats, risks, and recommendations.
Certification:
- Requirement to achieve certain security certifications once employed, including CISSP.
Our purpose is to make an impact that matters, and our aspiration is to be the undisputed leader in professional services. At the root of these goals are our Shared Values, which describe the distinctive Deloitte culture. Our Values are timeless, all-encompassing and embrace the cultures in which Deloitte member firms operate. We expect all professionals to live our purpose and shared values and be the brand ambassadors holding Deloitte Global and member firms together.
Integrity
At Deloitte, everything we do starts with integrity. In our marketplace, nothing is more important than our reputation and, accordingly, we commit to conducting business with honesty, distinctive quality, and high levels of professional behavior.
Outstanding value to markets and clients
We play a critical role in helping both the capital markets and our member firm clients operate more effectively. We consider this role a privilege, and we know it requires constant vigilance and unrelenting commitment.
Commitment to each other
We are proud of our culture of borderless collegiality and work hard to support our people. We strive to create an inclusive environment that reflects our strong, clear expectations about diversity, respect, and fair treatment.
Strength from cultural diversity
Our member firm clients' business challenges are complex and benefit from the innovation and varied perspectives that our practitioners bring. We understand that working with people of different backgrounds, cultures, and thinking styles helps our people grow into better professionals and leaders.
Qualifications
Education
- Bachelor’s degree: degree in computer science, mathematics, engineering, or other technical degree preferred.
- Master’s degree preferred.
Work experience
- 10-14 years of experience in the Information Security / Cybersecurity domain with a focus on security event monitoring.
- 2+ years holding a management and leadership role.
- At least 5 years of experience in a SOC or SOC supporting role.
- Proven track record and experience of the following in a highly complex and global organization:
- Working with leading SIEM technologies, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), and database activity monitoring (DAM).
- In-depth, hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, router/switch management, firewall management, SAN/NAS, web servers, IAM/AAA, IDS/HIDS, system vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis, or secure coding.
- Analyzing possible attack activities such as network probing/scanning, DDoS, malicious code activity, and possible abnormal activities such as worms, Trojans, viruses, etc., and coordinating remediation actions as necessary.
- Strong leadership skills and ability to manage teams and shifts of analysts effectively.
- Experience with SOC ticketing systems and proven SOC process knowledge.
- Professional security certification preferred, such as SANS 401, SANS 503 (Intrusion Analysis), SANS 504 (Incident Handling), SANS 511 (Monitoring), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH), or Certified Expert Penetration Tester (CEPT).
- Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
- Member of IISP or have the qualification, skills and experience to become a member.
- Willing to work in a global environment, supporting a 24x7 mission set.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Sound knowledge of business management and expert knowledge of information / cybersecurity strategy and governance.
- Knowledge of threat hunting, the Cyber Kill Chain (CKC), and threat intelligence.
- Strong knowledge and understanding of information security legal and regulatory requirements.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including SP 800-53 and the Cybersecurity Framework.
- Strong analytical skills to perform root-cause detection of cybersecurity exploits, vulnerabilities, and intrusions in host and network-based systems.
- Significant experience in an enterprise successfully leading a SOC team or unit responsible for analysis and correlation of cybersecurity event, log, and alert data.
- Keen understanding of threat vectors as well as exfiltration techniques.
- Ability to manage a global team and mentor analysts.