
Cyber Defense & Resilience Security Operations Manager

AT Deloitte

Atlanta, GA

Position Summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security and integrated risk programs have often been unsuccessful in unifying the need to secure, automate, and support the technology innovation required by the business.

The team

Deloitte Advisory's Cyber team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated business and cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs. We work across a variety of different risk and compliance programs that extend well beyond Cyber Risk. Learn more about Deloitte Advisory's Cyber Risk Services practice.


Recruiting for this role ends on 05/31/2025.

Work you'll do:

  • Develop comprehensive strategies for SOCs, including program assessments and roadmaps, leveraging Deloitte's Capability Framework and leading practices.
  • Support the design and implementation of Security Operations Center (SOC) operating models, identifying, evaluating, and providing solutions to evaluate complex business via a threat-based approach.
  • Deliver assessments and implementations of Next-Gen SIEM platforms, including platform deployment, data source onboarding, content development and tuning, troubleshooting, and triaging complex issues associated with operating Next-Gen SIEM platforms.
  • Identify cybersecurity, regulatory, and compliance trends, determine their potential impacts on clients, and develop solutions to address impacts across governance, people, processes, and technologies.
  • Develop and maintain technical and procedural documentation for Next-Gen SIEM and security operations functions (e.g., detection use case testing, analyst runbooks, incident response plans).
  • Perform Next-Gen SIEM and security operations architecture assessments to identify areas of improvement and provide practical solutions.
  • Drive detection and automation use case content development and deployment across clients based on client priorities and relevant cyber risks and threats.
  • Develop and maintain automations to facilitate scalable Next-Gen SIEM platform deployment activities (e.g., data ingestion, parser and data model development, detection use case testing).
  • Align detection use case development with business needs and with industry-leading standards, best practices, and frameworks (e.g., MITRE ATT&CK).
  • Identify, evaluate, and provide solutions to achieve the objectives set forth in the client's SOC Assessment & Roadmap, including governance models, organizational structures, playbooks, standards, communication plans, and training initiatives.
  • Leverage technology-based tools or methodologies to review, design and/or implement products and services.
  • Lead client and stakeholder workshops, interviews, and process walkthroughs to document key takeaways, end-to-end business processes, strategic goals and objectives, and programmatic requirements.
  • Coordinate across multiple stakeholder groups, manage concurrent projects end-to-end, and serve as the daily point of contact for clients and respective Deloitte delivery teams.
  • Select and tailor approaches, methods, and tools to support and further enable project delivery.
  • Build and nurture positive working relationships with clients with the intention to exceed client expectations.
  • Track and communicate engagement performance and planning to engagement leadership, ensuring project milestones remain on track and are completed as per engagement objectives, and risks are escalated, as required.
  • Responsible for project(s) financials, including the contribution to financial and staffing plans, identification of opportunities to improve engagement profitability, and timely notification of billing and invoicing for client engagements.
  • Collaborate with US and US-India Senior Consultants, Consultants and Analysts to ensure the effective delivery of security operations services and capabilities and continuously identify opportunities to upskill team members on processes, governance, and frameworks (e.g., MITRE ATT&CK, NIST 800-53).
  • Serve as a counselor/coach to staff to provide oversight and support in pursuit of their career goals and objectives and ensure compliance with firm requirements (e.g., utilization, training).
  • Participate and lead aspects of the sales lifecycle, including proposal development, request for proposal (RFP) responses, sales pitches, and contract generation (e.g., Statements of Work, Change Order).
  • Partner with vendor and alliance stakeholders at Detection and Response industry leaders including CrowdStrike, Google, and Palo Alto Networks to identify opportunities for partnership on strategic initiatives, thought leadership, and client engagements.
  • Utilize industry-leading practices and technology-based tools or methodologies to build go-to-market accelerators, thought leadership, and solutions to standardize project delivery and solve client challenges.

Qualifications

Required:

  • 5+ years of hands-on experience designing, building, or leading a Security Operations Center and/or Engineering function
  • Previous consulting or professional services experience
  • Previous experience leveraging leading technology solutions for security operations, including Security Information & Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Case Management platforms
  • Extensive experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, etc.
  • Hands-on experience with at least one Next-Gen SIEM platform (e.g., CrowdStrike Next-Gen SIEM, Palo Alto XSIAM, Microsoft Sentinel, Google SecOps)
  • Understanding of common network infrastructure devices such as routers and switches
  • Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
  • Detailed knowledge in system security architecture and security solutions
  • Detailed knowledge of data management, transformation, and logging capabilities
  • Detailed knowledge of detection and automation use case development and customization, including use of user and entity behavior analytics (UEBA), security orchestration automation and response (SOAR), and machine learning (ML) capabilities
  • Previous security operations experience conducting alert analysis and triage
  • In-depth knowledge of or background in adjacent security operations capabilities, including detection engineering, attack surface management, vulnerability management, forensics, threat hunting, incident response and recovery, and/or threat intelligence
  • Proven and demonstrated leadership and team management experience, strong verbal and written communication skills, and interpersonal and organizational skills that enable working with teams across geographical locations
  • Demonstrated flexibility in prioritizing and completing tasks and working collaboratively with clients and senior-level stakeholders to identify and solve key constraints, risks and issues
  • Experience leading in and/or supporting pre-sales and sales activities, including proposals, RFPs, and contract generation
  • Demonstrated experience leveraging Microsoft Office tools, including Microsoft PowerPoint, Microsoft Word, Microsoft Excel, and Microsoft Visio
  • Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve
  • Limited immigration sponsorship may be available
  • Certifications: Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent

Preferred

  • Bachelor's degree or equivalent experience
  • Knowledge of and/or previous experience with: Business Continuity and Disaster Recovery, CMDB/Asset Management, Information Technology, Operational Technology, Insider Risk
  • Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures
  • Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
  • Experience assisting in and/or responding to and recovering from a cyber incident
  • Experience with broader cybersecurity strategy development and assessments, including NIST 800-53, MITRE ATT&CK mapping, and/or strategic roadmaps
  • Hands-on experience with at least one Next-Gen SIEM platform (e.g., CrowdStrike Next-Gen SIEM, Palo Alto XSIAM, Microsoft Sentinel, Google SecOps)
  • Strong analytical and problem-solving skills
  • Self-motivated to improve knowledge and skills
  • Previous experience directly responding to and recovering from cybersecurity incidents

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $130,815 - $252,450.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Recruiting tips

From developing a standout resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.

Our purpose

Deloitte's purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.

Professional development

From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. See notices of various ban-the-box laws where available.

Requisition code: 208350

Client-provided location(s): Atlanta, GA, USA; Houston, TX, USA; Boston, MA, USA; Detroit, MI, USA; Seattle, WA, USA; San Francisco, CA, USA; Philadelphia, PA, USA; New York, NY, USA; Charlotte, NC, USA; Minneapolis, MN, USA; Washington, DC, USA; Los Angeles, CA, USA; Miami, FL, USA; Dallas, TX, USA; Denver, CO, USA; Chicago, IL, USA; Tempe, AZ, USA; Jersey City, NJ, USA; McLean, VA, USA; Morristown, NJ 07960, USA
Job ID: Deloitte-208350
Employment Type: Other