Deloitte Global
Job title: APAC CYBER DEFENSE ENGINEERING – DATA MANAGEMENT - Manager
Do you thrive on developing creative and innovative insights to solve complex issues? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture?
Want to make an impact that matters? Consider Deloitte Global.
Work you’ll do:
The Global Data Management lead position supports the Data Management team, which is responsible for monitoring the health and performance of the Splunk platform and the data within Splunk. This role is responsible for overseeing the end-to-end process of data onboarding into Splunk from a variety of enterprise sources, ensuring performance, compliance, and efficiency at scale. This role is critical to ensuring seamless data integration, compliance, and performance across our observability platforms. The role also requires technical expertise in Splunk, with strong leadership and stakeholder management capabilities.
· Technical Responsibilities:
o Lead the end-to-end data onboarding lifecycle, including ingestion, parsing, indexing, sourcetyping, and ensuring Common Information Model (CIM) compliance.
o Establish and maintain scalable onboarding standards to ensure data normalization, security, and optimal system performance.
o Collaborate with architecture and security teams to enforce data compliance with retention, access control, and data masking policies.
o Design, develop, and implement scalable data onboarding pipelines leveraging technologies such as Splunk, Cribl Stream, and Cribl Edge.
o Define and enforce data normalization, parsing, and enrichment standards (e.g., CIM compliance) to support downstream analytics and detection use cases.
o Troubleshoot and resolve complex onboarding issues, performing root cause analysis and implementing long-term solutions.
o Partner with detection engineering, threat intelligence, and SOC teams to ensure telemetry and onboarded data meet use case and operational requirements.
o Continuously evaluate and integrate emerging technologies to enhance data onboarding efficiency and security.
o Continuous Improvement: Identify opportunities to automate and optimize onboarding processes.
· Team Leadership & Mentorship:
o Manage and mentor a team of data engineers and onboarding specialists, fostering a collaborative and high-performance environment.
o Promote a culture of continuous learning, innovation, and operational excellence within the team.
o Provide technical guidance, conduct code reviews, and support career development for team members.
o Establish and track team goals and performance metrics to drive accountability and professional growth.
· Stakeholder Management:
o Communicate onboarding progress, risks, and key metrics to senior leadership and relevant stakeholders.
o Gather, clarify, and prioritize data onboarding requirements from diverse stakeholders, including security teams, application owners, and business units.
o Build strong relationships with cross-functional teams to align onboarding initiatives with organizational objectives.
o Act as a subject matter expert for data onboarding best practices, standards, and compliance requirements.
Who you’ll work with:
The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.
Qualifications
Required:
· Bachelor’s degree in Computer Science, Information Technology, or relevant educational or professional experience.
· At least 8 to 12 years of hands-on Splunk Enterprise and/or Splunk Cloud administration experience.
· 2+ years of experience with Cribl Stream, Cribl Edge, and Cribl Cloud.
· Splunk Enterprise Core Certified Admin, Power User, and User.
· Strong working knowledge of the Splunk platform and its integrations with public cloud, EDR, and networking toolsets.
· Proficient in troubleshooting Splunk performance and data quality issues.
· Demonstrated strong proficiency in Cribl technologies to support scalable, efficient, and secure data onboarding pipelines.
· Experience onboarding data from diverse environments, including on-prem, cloud-native services, SaaS platforms, and third-party tools.
· Strong understanding of common data transport protocols and log formats.
· Skilled in applying CIM mapping, metadata tagging,
· Strong experience in analyzing, troubleshooting and providing solutions for technical issues.
· Knowledge about various data onboarding methods (UF, HEC, DBConnect, syslog-ng, rsyslog) and means to troubleshoot them.
· Familiarity with cloud platforms (AWS, Azure, GCP) and containerized environments (Kubernetes, Docker).
· Knowledge of and experience with Git, Microsoft Azure DevOps, or any CI/CD tools.
· Experience in requirement gathering and documentation.
· Experience in log parsing, lookups, calculated fields, and extractions using regular expressions (regex).
· Experience in creating and troubleshooting Splunk dashboards, reports, alerts, and visualizations, and in optimizing SPL searches.
· Sound judgment and deduction skills with a knack for seeking out patterns.
· Proactive mindset; a self-starter who works with minimum supervision.
· Excellent interpersonal and organizational skills.
Preferred:
· Splunk Enterprise Certified Architect
· Splunk Cloud experience is a huge plus
· Cribl User / Admin certification
· Knowledge of risk assessment tools, technologies and methods
· Experience with Splunk Enterprise Security or Splunk ITSI