Cyber Risk - Managed Threat Services SIEM Engineer - L3
Are you interested in improving the cyber risk protection of leading companies? If your response is yes, consider joining Deloitte & Touche LLP's growing Cyber Risk Vigilant Fusion Center. Our Fusion Center analysts and engineers assist our clients with identifying unauthorized activities and intrusions in their networks in real time.
Work you'll do
Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.™ cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice.
- In-depth experience with the following technologies: leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness, LogRhythm or Splunk; IDS/IPS; network- and host-based firewalls; data leakage protection (DLP); database activity monitoring (DAM); user and network behavior analytics; endpoint solutions; and third-party monitoring tools such as Nagios, WhatsUp Gold or SolarWinds
- Five plus years of information security related experience, in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, and intrusion detection
- Must have been in a Level 2 Engineer role for at least two years
- Understanding of Python or other scripting languages, the TCP/IP stack, and UNIX/Linux environments
- Strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends, and techniques
- Familiarity with tools such as IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT
- Experience with intrusion detection systems, firewalls, proxy servers, antivirus, NAC, or other network security infrastructure
- Ability to analyze complex issues for impact and alternative solutions, making logical decisions based on client objectives
- In-depth hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, router/switch management, firewall management, SAN/NAS, web servers, IAM/AAA, IDS/HDS, system vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis, or secure coding
- In-depth understanding of possible attack activities such as network probing/scanning, DDoS, and malicious code activity, and of possible abnormal activities such as worms, Trojans, viruses, etc.
- Proven SOC process knowledge
- Advanced knowledge of system security architecture and security solutions
- MS in Computer Science or Information Management desirable, or equivalent work experience
- Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Self-motivated to improve knowledge and skills
- Detail oriented
- A strong desire to understand the what as well as the why and the how of security incidents
- Works well both in a team environment and independently
- A desire to lead a team and assist and mentor others