Level: Solution Delivery Advisor
As an experienced Consultant at Deloitte Consulting, you will be responsible for individually delivering high quality work products within due timelines. Need-basis you will be mentoring and/or directing junior team members/liaising with onsite/offshore teams to understand the functional requirements.
Work you'll do
As a Consultant on the Detect & Respond team, you will be responsible for managing and providing Security Information and Event Management (SIEM) health and operational support, including architecture changes, tool deployments, and advanced content development.
- Perform SIEM configuration management, troubleshooting, and day-to-day operations support.
- Onboard security log data sources, develop custom parsers, and support actionable use case development, testing, and tuning.
- Conduct SIEM architecture assessments, content baseline assessments, and design reviews.
- Deliver advisory support to security operations center and technology stakeholders, including key risk indicator and key performance indicator monitoring.
- Review system security plans, network diagrams, vulnerability requirements, and patching requirements, and develop scripts to automate data collection and onboarding tasks.
- Provide 24/7 on-call support, coordinate with technical teams, attend client meetings, and build relationships with client security stakeholders.
The team
Deloitte’s Detect & Respond (D&R) aims to combine sophisticated technologies and human intelligence to help the clients monitor, detect, investigate, and respond to known and unknown attacks. We help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. The Detect and Respond team delivers service to clients through following key areas:
- Threat detection and response
- Attack surface management
- Threat Intelligence
- Threat Hunting
- Data Protection
Location: Bengaluru/Hyderabad/Pune/Chennai
Shift Timings: 24/7 rotational shifts; flexibility for night, weekend, and holiday coverage is essential; on-call support required based on project assignments
Qualifications
Required:
- 3-6 years of experience in security information and/or technology engineering support
- Certification such as Certified Information Systems Security Professional, GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring, Certified Ethical Hacker, or equivalent
- Experience with security technologies such as Security Information and Event Management, Intrusion Detection System/Intrusion Prevention System, Data Loss Prevention, Proxy, Web Application Firewall, Endpoint Detection and Response, Anti-Virus, Sandboxing, firewalls, Threat Intelligence, and Penetration Testing
- Knowledge of Advanced Persistent Threat tactics, techniques, and procedures
- Knowledge of network attack activities including probing, scanning, distributed denial-of-service, and malicious code activity
- Knowledge of network infrastructure devices and protocols including routers, switches, Transmission Control Protocol/Internet Protocol, Domain Name System, and Hypertext Transfer Protocol
- Experience with system security architecture and security solutions
Preferred:
- Experience interpreting, searching, and manipulating data within enterprise logging solutions and Information Technology Service Management tools
- Certifications such as Splunk Architecture, ArcSight, Sentinel, or Chronicle
- Certifications such as Certified Information Systems Security Professional, Certified Information Systems Auditor, Certified Information Security Manager, GIAC Certified Incident Handler, GIAC Continuous Monitoring, GIAC Cloud Defender, GIAC Penetration Tester, GIAC Certified Forensic Analyst, GIAC Cyber Threat Intelligence, Offensive Security Certified Professional, or Certified Ethical Hacker
- Bachelor’s degree in Computer Science, Cyber Security, Information Security, Engineering, or Information Technology