Cyber Risk Fusion Managed Services SIEM SOC Engineer

company banner
Engineer, Security, IT, Use Case, Quality, Testing, Engineers, Database, Network, Python, TCP, IP, UNIX, Linux, CISSP, Systems, Unix, Windows, Routers, Switches, Firewall, Management, Web, System, Computer
Full Time
Work from home not available Travel not required

Job Description

Cyber Risk - Managed Threat Services SIEM Engineer - L3

Are you interested in improving the cyber risk protection of leading companies? If your response is yes, consider joining Deloitte & Touche LLP's growing Cyber Risk Vigilant Fusion Center. Our Fusion Center analysts and engineers assist our clients with identifying unauthorized activities and intrusions in their networks in real time.

Work you'll do
  • The Managed Threat Services Engineer position supports the Security Operations Center (SOC) as an advanced escalation point identifying and addressing potential information security incidents. This role is also responsible for supporting architecture changes, tool deployments and advanced content development:
  • Onboard advanced data sources, create new custom parsers and SIEM architecture assessment and design reviews
  • Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs).
  • Keep abreast of latest IT security, regulatory and compliance trends to support, compare and contrast analysis across various risk models. Understand how to take this knowledge and apply it to the SOC.
  • Deliver advisory support and education relating to the SIEM to other technology personnel and to technology management.
  • Assist in Use Case Roadmap development for client and updating Use Cases into UC Repository
  • Advanced Use Case development (Use Case from Roadmap as well as hunting related UCs)
  • Help structure our content development pipelines across clients based on the maturity of the client environments as well as the latest trends in security
  • Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements
  • Develop scripts to simplify data collection and other laborious tasks that are necessary to occur throughout onboarding of log sources
  • Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements
  • Quality review for HLUC, TUC, UC Testing, Parser, Runbooks and other Technical documents
  • Submitting documentation through the QRM process
  • 24/7 on-call support (as needed)
  • Be the central POC for all escalations
  • Managing and providing knowledge transfer to Junior Cyber Security Engineers
  • Coordinate with various technical groups and attend in-person client meetings
  • Build relationship with client counterpart (i.e. Lead Security Engineer on Client side)
  • Participation in rotation with the Analysts and SOC Operations Lead as part of training
  • Travel requirement: Less than 10%
  • Location requirement: Work can be done remotely from any location in the US.

The team

Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient. TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice.



Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

In depth experienced with the following technologies: leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness, LogRhythm or Splunk, IDS/IPS, network- and host- based firewalls, data leakage protection (DLP), DAM (Database activity monitoring), User and Network Behavior Analytics, End Point Solutions, and third-party monitoring tools such as Nagios, WhatsUp Gold or SolarWinds.

Five plus years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, log analysis, intrusion detection

Must have been in a Level 2 Engineer role for at least two years

Understanding of Python or other scripting languages, TCP/IP stack, and UNIX/Linux environment


Strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends, and techniques

Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT

Experience with Intrusion Detection Systems, Firewalls, Proxy Servers, Antivirus, NAC, or other network security infrastructure

Ability to analyze complex issues for impact and alternative solutions, making logical decisions based on client objectives.

In depth hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration , Active Directory, Windows Workstation, Routers /Switches management, Firewall Management, SANS/NAS, Web servers, IAM/AAA, IDS/HDS, System vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or Secure coding

In depth understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.

Proven SOC process knowledge

Advanced knowledge in system security architecture and security solutions


MS in Computer Science or Information Management desirable or equivalent work experience

Excellent interpersonal and organizational skills

Excellent oral and written communication skills

Self-motivated to improve knowledge and skills

Detail oriented

A strong desire to understand the what as well as the why and the how of security incidents

Works well both in a team environment and independently

A desire to lead a team and assist and mentor others

Company Information

Dice Id : 10106525
Position Id : E20NATFSLDMSS905FEN
Originally Posted : 1 month ago

Similar Positions at Deloitte

Cyber Engineer
  • Las Vegas, NV
  • 1 day ago
Manager, Cyber Engineering
  • Hermitage, TN
  • 1 day ago