Position Summary

Cyber Threat Intelligence Collection Manager

Overview of the job

As part of the global Centralized Cybersecurity Threat Intel team, the Collection Manager reports to the Threat Intelligence Operation Lead. Leading the collection, ingestion, analysis and documentation of intelligence sources. Your primary role will be to lead a small team of collection analysts to make sure the intel that we collect helps us answer the issues our decision makers care about.

As a Collection Manager, you will lead the collection and ingestion of intelligence data and internal telemetry, lead the processing of said data to become information that intelligence analysts can work with, evaluation of the sources, follow and lead the external threat monitoring and darkweb investigations’ capability, drive the team’s intelligence collection management plan, vendor and sources management evaluation and procurement internal process.

The right candidate is a motivated individual with excellent managerial skills to organize and motivate an international team of collections analysts to identify new data sources, process existing data to be able to analyze in new and innovative ways, and create analytics, rules, and logic to detect badness in our environment. Additionally, the Collection Manager will regularly interface with Global security teams and vendors to ensure our intelligence collection needs are met.

Other responsibilities include to:

·        Identify and curate intelligence relevant to Deloitte’s Priority Intelligence Requirements (PIRs).

·        Create and maintain analytics that can run on security devices and SIEM.

·        Collaborate with internal stakeholders and work actively with vendors.

·        Gain and maintain access for the TI team to Deloitte internal data and telemetry at the Global and MF level from sources to include but not limited to email, FWs, WAFs, IDPS, etc.

·        Manage relationships with vendors and their procurement process.

·        Create, maintain and update the high-level collection management plan. Processing and documenting intelligence from various data sources.

·        Manage the conference attendance plan for the entire intelligence team.

·        Support the intel sharing effort.

·        Organize and maintain our database of technical indicators, intelligence reports, and briefings.

·        Develop workflows for intelligence collection ranging from open source, vendor feeds, internal telemetry, etc.

·        Lead a small, diverse team of regionally dispersed collections and malware analysts.

·        Review, edit, and revise Malware and Threat Actor behavior report writings.

·        Coordinate intelligence support to internal threat hunting efforts.

·        Coordinate with Production Manager to ensure the right data is available to satisfy consumer requirements.

·        Oversee collection metrics, seize all opportunities to improve quality and efficiency.

·        Organize and provide training and staff professional development to the collection team to maintain expertise.

Qualifications

Education:

Bachelor’s degree - a technology-related field, or equivalent education-related experience.

Required Technical Experience:

  • 10-13 years of experience in security operations or threat intelligence with a minimum of 2 years of experience in a management role or 8 years work experience with demonstrated leadership potential during that time.
  • Experience working and managing large data sets and data feeds, especially from commercial threat intelligence vendors.
  • Understanding of host and network forensic artifacts and indicators of compromise.
  • Experience and knowledge of major cyber threat actors and their malware families activity and main behavior.
  • Experience working in information technology / cyber security for a large, complex enterprise and collaborating across teams.
  • Demonstrated ability to solve complex technical problems and adapt to changing technologies.
  • Demonstrate excellent mastery of English, with strong written, verbal, and interpersonal communication skills.

Desirable Skills and Experience 

  • Understanding and knowledge about the latest cyber threat trends.
  • Familiarity with company internal procurement processes, vendor/sources contracts and renewals.
  • Familiarity with Threat Intelligence Platform software such as ThreatConnect, OpenCTI or Anomali.
  • Experience participating in threat intelligence sharing organizations.
  • Intelligence Collections experience supporting report creation.
  • Experience in scripting languages, especially Python, with a strong understanding of software development principles.
  • Ability to create SNORT, YARA, SIGMA, and other behavior-based detection rules.
  • Understanding of Splunk Enterprise Security, to include LookupTables and Splunk Threat Intelligence data model.

Leadership & Management Qualifications and Skills: 

  • Monitor project progress, identify potential risks, and implement mitigation strategies. Report the projects status weekly gaining the track of each project from the team members.
  • Responsible for planning, managing, and coordinating projects and teams for the development of new products, sources and improvements.
  • Ability to provide oversight across multiple initiatives or projects.
  • Experience working independently and geographically separate from some team members.
  • Mentor and coach team members, fostering a culture of continuous learning and innovation.
  • Desire and ability to work in a dynamic, fast-paced environment.
  • Experience maintaining documentation.

Work Location: Hyderabad

Work Timing: 11AM – 8PM

Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose

Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. 
Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Requisition code: 215207