Job Title: Consultant (Cyber Infrastructure – Microsoft Sentinel, EDR, XDR)
Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Advisory Cyber Risk Services team and become a member of the largest group of Cyber Risk individuals worldwide.
Work you’ll do
As a Senior Consultant, you will be at the front lines with our clients supporting them with their Cyber Risk needs specifically helping them address Cloud Security concerns and navigate the journey to the Cloud on the Microsoft Sentinel Platform. This will include:
- Experience in architecting, designing, and implementing the deployment of Cloud Services (Azure, AWS, GCP), Microsoft Sentinel, EDR, and XDR solutions to enhance clients' security posture.
- Experience in forming KQL queries and functions for complex detection and monitoring requirements.
- Expertise in building custom analytical rules, tuning of analytical rules, building automation through Azure logic apps, management of entire product feature, end to end configuration.
- Must have strong knowledge in MITRE attack framework and expertise in developing analytical rules and custom dashboards/workbooks across framework.
- Assisting clients with migrating from existing SIEM solution (other platforms) to Microsoft Sentinel.
- Expertise in log management, retentions, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements.
- Must have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and maintenance of local agents.
- Expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel must have requirements. Experience with third-party data brokering service is a plus.
- Experience with threat intelligence integration and UEBA (User and Entity Behavior Analytics) .
- Experience with scripting and automation tools (e.g., PowerShell, Python, Terraform) for security operations
- Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures.
- Develop, implement and refine automation playbooks in Microsoft Sentinel.
- Devise and document new procedures and runbooks/playbooks as directed.
- Create cyber and threat hunting queries to enable the Intelligence team to conduct advanced investigations when required.
- Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
· Experience in connecting native and third-party custom/SaaS applications with SIEM.
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.
- Knowledge of Advanced Persistent Threats (APT) tactics, technics and procedures.
- Acting as a subject matter expert on cyber risk for the Microsoft Sentinel, EDR & XDR platforms.
- Preference will be given for candidates completed Sentinel Ninja Level 400 Training and Certification.
- Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc.
- Having knowledge and hands-on experience in Microsoft Defender XDR stack will be an added advantage.
- Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required.
- Experienced in working with stakeholders to solve technical issues and to support and deliver complex business, security and operational requirements.
- Ability to work with vendor technical support group and driving issues towards effective and permanent closure.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
Required:
· 2+ years of experience in technical consulting, client problem solving, architecting, and designing solutions around Microsoft Sentinel, EDR & XDR platforms
Working experience in at least one of the areas listed below.
· 2+ years of hands-on technical experience enterprise-with Microsoft Security management services (Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network and host-based firewalls, Threat Intelligence, Vulnerability Assessment, Penetration Testing, etc.)
Ideally the following technical experience:
· 2+ years of hands-on technical experience implementing Microsoft Sentinel, EDR, XDR focused security solutions for Microsoft technologies
Additional Requirements:
· B.Tech/BE/BCA/MCA Degree required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.
Preferred:
· Certifications such as: Microsoft new roles-based certifications (eg. SC 200), CCSP, CCSK, CISSP, CCNP, CCNA certification a plus.
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Job Description: Cyber Risk Application Security Consultant
Job Title: Consultant (Cyber Infrastructure – Microsoft Sentinel, EDR, XDR)
Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security programs have often been unsuccessful in unifying the need to both secure and support technology innovation required by the business. Join Deloitte's Advisory Cyber Risk Services team and become a member of the largest group of Cyber Risk individuals worldwide.
Work you’ll do
As a Senior Consultant, you will be at the front lines with our clients supporting them with their Cyber Risk needs specifically helping them address Cloud Security concerns and navigate the journey to the Cloud on the Microsoft Sentinel Platform. This will include:
- Experience in architecting, designing, and implementing the deployment of Cloud Services (Azure, AWS, GCP), Microsoft Sentinel, EDR, and XDR solutions to enhance clients' security posture.
- Experience in forming KQL queries and functions for complex detection and monitoring requirements.
- Expertise in building custom analytical rules, tuning of analytical rules, building automation through Azure logic apps, management of entire product feature, end to end configuration.
- Must have strong knowledge in MITRE attack framework and expertise in developing analytical rules and custom dashboards/workbooks across framework.
- Assisting clients with migrating from existing SIEM solution (other platforms) to Microsoft Sentinel.
- Expertise in log management, retentions, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements.
- Must have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and maintenance of local agents.
- Expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel must have requirements. Experience with third-party data brokering service is a plus.
- Experience with threat intelligence integration and UEBA (User and Entity Behavior Analytics) .
- Experience with scripting and automation tools (e.g., PowerShell, Python, Terraform) for security operations
- Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures.
- Develop, implement and refine automation playbooks in Microsoft Sentinel.
- Devise and document new procedures and runbooks/playbooks as directed.
- Create cyber and threat hunting queries to enable the Intelligence team to conduct advanced investigations when required.
- Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
· Experience in connecting native and third-party custom/SaaS applications with SIEM.
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.
- Knowledge of Advanced Persistent Threats (APT) tactics, technics and procedures.
- Acting as a subject matter expert on cyber risk for the Microsoft Sentinel, EDR & XDR platforms.
- Preference will be given for candidates completed Sentinel Ninja Level 400 Training and Certification.
- Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc.
- Having knowledge and hands-on experience in Microsoft Defender XDR stack will be an added advantage.
- Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required.
- Experienced in working with stakeholders to solve technical issues and to support and deliver complex business, security and operational requirements.
- Ability to work with vendor technical support group and driving issues towards effective and permanent closure.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
Required:
· 2+ years of experience in technical consulting, client problem solving, architecting, and designing solutions around Microsoft Sentinel, EDR & XDR platforms
Working experience in at least one of the areas listed below.
· 2+ years of hands-on technical experience enterprise-with Microsoft Security management services (Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network and host-based firewalls, Threat Intelligence, Vulnerability Assessment, Penetration Testing, etc.)
Ideally the following technical experience:
· 2+ years of hands-on technical experience implementing Microsoft Sentinel, EDR, XDR focused security solutions for Microsoft technologies
Additional Requirements:
· B.Tech/BE/BCA/MCA Degree required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.
Preferred:
· Certifications such as: Microsoft new roles-based certifications (eg. SC 200), CCSP, CCSK, CISSP, CCNP, CCNA certification a plus.
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Attack Surface Management (ASM) Services including identifying potentially vulnerable IT assets or weak security configurations within their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?
If yes, then Deloitte’s Attack Surface Management (ASM) team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte’s ASM business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace.
Our team is client focused and mission driven. As a Cyber Risk Attack Surface Senior Consultant in Deloitte's Attack Surface Management (ASM) Services, you’ll work with our diverse teams of passionate professionals to help solve for some of today’s toughest cybersecurity challenges to enable or clients to achieve business growth and manage risk.
Work you’ll do
As an Attack Surface Management Consultant, you will assist our clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals.
· Conduct vulnerability assessments and manual penetration testing for Web, API, Thick Client and mobile applications.
· Perform Secure code review and false positive analysis for vulnerabilities reported by industry standard tools.
· Respond to requests for ad-hoc reporting and research topics from management and analysts as required
· Develop and implement application security policies and procedures.
· Identify and prioritizes security vulnerabilities.
· Coordinate with the application development teams and operations teams to assist with the remediations plans and securing the applications
· Quickly understand and deliver on company and client requirements
· Aid in and participate in daily, weekly, quarterly, and yearly reporting for clients, partners, and internal teams
· Adhere to internal operational security and other Deloitte policies
Qualifications Required:
· Bachelor's degree or higher in Computer Science, or equivalent experience.
· 3-5 years of hands-on experience in application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments.
· Strong understanding of OWASP Top 10 vulnerabilities but not limited to.
· Strong experience in manual assessment and exploitation of vulnerabilities such as Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling etc.
· Strong understanding of OAUTHv2/OpenID standards and associated vulnerabilities.
· Strong understanding of business logic vulnerabilities.
· Experience in Secure Code Review in-line with OWASP Secure Coding Practices.
· Proficiency in industry standard tools such as Burp Suite, Fiddler, Sysinternals suite, Veracode, DnSpy, Olly debugger, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida etc.
· Ability to perform manual penetration testing and security assessments using automated tools.
· Excellent technical report writing skillset.
· Knowledge of web application components like frontend, backend, databases and application servers.
· Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases.
· Experience with reviewing application security architectures and threat modelling.
· Understand on the basic concepts of reverse engineering, memory analysis etc.
· Understanding of basic networking protocols such as TCP/IP, DNS, HTTP/s
· Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS
· Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Burp Suite Certified Practitioner (BSCP), Web Application Penetration Tester (GWAPT).
Preferred:
· Proficiency in Web and Mobile application security assessments, penetration testing and secure code review.
· Relevant publications such as blogs, tools, conference presentations and CVEs are preferred.
· Offensive Security Web Expert (OSWE) and Burp Suite Certified Practitioner (BSCP) certifications are preferred.
· Experience with automation and scripting (Python) are preferred.
· Outstanding English written and oral communication skills and the ability to prioritize work
· Strong understanding of web, mobile and microservices vulnerabilities.
· Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
· Strong analytical and problem-solving skills.
· Self-motivated to upskill and learn new attack vectors.
· A strong desire to understand the what as well as the why and the how of security vulnerabilities.
The team
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation, and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory’s Cyber Risk Services practice.
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to
senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Deloitte’s culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.
Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the
organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.