Cyber Defense & Resilience Security Operations Senior Consultant

Position Summary

Are you interested in working in a dynamic environment that offers opportunities for professional growth and new responsibilities? If so, Deloitte & Touche LLP could be the place for you. Traditional security and integrated risk programs have often been unsuccessful in unifying the need to both secure, automate and support technology innovation required by the business.

The team

Deloitte Advisory's Cyber team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated business and cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs. We work across a variety of different risk and compliance programs that extend well beyond Cyber Risk. Learn more about Deloitte Advisory's Cyber Risk Services practice.

• Assist in increasing the maturity of key security operations capabilities (e.g., program governance, detection engineering, threat analysis and response) across governance, people, processes, and technology.
• Deliver assessments and implementations of Next-Gen SIEM platforms, including platform deployment, data source onboarding, content development and tuning, architecture, troubleshooting, and triaging complex issues associated with operating Next-Gen SIEM platforms.
• Develop and maintain automations to facilitate scalable Next-Gen SIEM platform deployment activities (e.g., data ingestion, parser and data model development, detection use case testing).
• Drive detection and automation use case content development and deployment across clients based on client priorities and relevant cyber risks and threats.
• Align detection use case development with business needs and based on the industry leading standards, best practices and frameworks (e.g., MITRE ATT&CK).
• Help define Deloitte's perspective on the latest Security Operations Center (SOC) trends, capabilities, and technologies via established Points of Views and collaborative client workshops.
• Develop procedural collateral, including process flows, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), interaction models, analyst runbooks, and detection use case testing documentation to enable standardized responses to identified cyber threats.
• Conduct SOC Capability Assessments, leveraging leading practices to evaluate current state capabilities and aligning targeted recommendations to a strategic roadmap.
• Build comprehensive strategies for SOCs, including program roadmaps, leveraging Deloitte's Capability Framework and leading practices
• Support the design and implementation of SOC operating models, identifying, evaluating, and providing solutions to evaluate complex business via a threat-based approach.
• Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements.
• Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services.
• Assist in building and nurturing positive working relationships with clients with the intention to exceed client expectations.
• Help facilitate client and stakeholder workshops, interviews, and process walkthroughs to document key takeaways, end-to-end business processes, strategic goals and objectives, and programmatic requirements
• Leverage the Microsoft Suite (e.g., Microsoft PowerPoint, Microsoft Word, Microsoft Visio) to create and design effective presentations to communicate project outcomes to clients.
• Support effective project execution through project management activities including project kickoffs, stakeholder identification, interview and workshop coordination, document requests and evidence collection, and deliverable creation.
• Track and communicate engagement performance and planning to Deloitte engagement management, ensuring project milestones remain on track and are completed as per engagement objectives, and risks are escalated, as required.
• Participate actively in decision-making with engagement management to understand the broader impact of engagement decisions, risks, and objectives.
• Collaborate with US and US-India Consultants and Analysts to ensure the effective delivery of security operations services and capabilities, develop Deloitte's SOC thought leadership and associated accelerators, and upskill team members on processes, governance, and frameworks (e.g., MITRE ATT&CK, NIST 800-53).
• Utilize industry-leading practices and technology-based tools or methodologies to enhance the applicability and relevance of Deloitte SOC strategy services provided to clients.
• Collaborate with Practice Leadership to build go-to-market methodologies and solutions to accelerate project delivery and solve client challenges.

• 3+ years of hands-on experience in Security Operations or Detection Engineering
• Background and knowledge of security operations capabilities, including detection engineering, attack surface management, vulnerability management, SOC analysis, investigation, and response, artificial intelligence and machine learning.
• Hands-on experience with at least one Next-Gen SIEM platform (e.g., CrowdStrike Next-Gen SIEM, Palo Alto XSIAM, Microsoft Sentinel, Google SecOps)
• Previous experience leveraging leading technology solutions for security operations, including Security Information & Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Case Management platforms
• Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
• Detailed knowledge in system security architecture and security solutions
• Detailed knowledge of data management, transformation, and logging capabilities
• Strong leadership experience, verbal and written communication skills, and ability to work with teams across geographical locations
• Demonstrated experience leveraging Microsoft Office tools, including Microsoft PowerPoint, Microsoft Word, Microsoft Excel, and Microsoft Visio
• Demonstrating flexibility in prioritizing and completing tasks and working collaboratively with project leadership to identify and solve key constraints, risks and issues
• Demonstrated problem solving, critical thinking and logical structuring skills
• Limited immigration sponsorship may be available
• Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve

• Bachelor's degree or equivalent experience
• Strong analytical and problem-solving skills
• Self-motivated to improve knowledge and skills
• Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
• Previous experience serving as a SOC Analyst and/or conducting event analysis, triage, and investigation (Level 2 experience preferred)
• Previous experience interpreting, searching, and manipulating data with enterprise logging solutions
• Previous professional services experience or demonstrated experience in client service orientation, conflict resolution, analysis/synthesis of information, negotiation, and project management)
• Extensive experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, etc.
• Knowledge of and/or previous experience with: Incident Response and Readiness, Business Continuity and Disaster Recovery, CMDB/Asset Management, Information Technology, Operational Technology, Insider Risk
• Detailed knowledge of detection and automation use case development and customization, including use of user and entity behavior analytics (UEBA), security orchestration automation and response (SOAR), and machine learning (ML) capabilities
• Experience assisting in and/or responding to and recovering from a cyber incident