Job Title:  RA-CSR-Cyber-D&R-SOC- Hyd

Job requisition ID ::  60770
Date:  May 15, 2024
Location:  Hyderabad
Designation:  Deputy Manager
Entity: 

Risk Advisory – Cyber Risk

What impact will you make?


Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivaled opportunities to succeed and realize your full potential.

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more about our Cyber Risk Practice.

Work you’ll do

As a part of our Risk Advisory team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations.


SOC Content Management L3 Profile –
• 6+ Years of Experience
• Excellent analytical and problem-solving skills, with the ability to analyze complex security incidents and identify actionable insights.
• Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
• Extensive experience with security technologies, including SIEM platforms (e.g., Splunk, QRadar, ArcSight), IDS/IPS, endpoint detection and response (EDR), and network security monitoring (NSM) tools.
• Proficiency in writing and implementing advanced detection and response rules using query languages (e.g., SPL, YARA, Snort) and scripting languages (e.g., Python).
• Candidate must have an understanding of UEBA and AI/ML-based use cases.
• Understanding of MITRE ATT&CK, NIST cyber incident response framework and Cyber kill chain.
• Lead the development and optimization of advanced security content, including correlation rules, alerts, and playbooks, to improve threat detection and response capabilities within the SOC environment.
• Conduct in-depth analysis of security events, logs, and alerts to identify patterns, trends, and potential indicators of compromise (IOCs), and translate findings into actionable detection and response rules.
• Evaluate and tune existing detection rules, signatures, and policies in security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and other security tools to optimize detection accuracy and minimize false positives.
• Lead strategic initiatives to enhance SOC capabilities, such as implementing new technologies, developing innovative detection methods, and improving operational processes.
• Provide expertise and guidance on the selection, deployment, and configuration of security technologies to support SOC content requirements, including SIEM platforms, threat intelligence feeds, and log management solutions.
• Mentor and train junior SOC analysts on content management best practices, methodologies, and tools, and provide technical assistance and support as needed.
• Contribute to the development and maintenance of standard operating procedures (SOPs), guidelines, and documentation related to SOC content management processes and procedures.
• Participate in incident response activities, including incident analysis, containment, eradication, and recovery, and provide support and guidance to SOC analysts during security incidents.
• Stay current with industry trends, emerging threats, and best practices in security content management, and incorporate this knowledge into SOC operations and strategic initiatives.
• Experience in integrating unsupported log sources and developing custom parsers for them.
Certification Requirements


CSIRT L2 Profile –
• 4–6 years of experience in major incident response and threat hunting
• Excellent analytical and problem-solving skills, with the ability to analyze complex security incidents and identify actionable insights.
• Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Leverage operational and tactical threat intelligence from established feeds and sources to detect threats.
• Knowledgeable in the fundamentals of firewall, IDS/IPS, EPP/EDR, FIM, WAF, VPN, PIM and other security protective/detective controls.
• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in Sandboxing, Email Analysis, File/Process analysis and understanding of various computer forensic tools.
• Experience in handling Major security incidents and following internal and external protocols for communication during security incidents.
• The Incident Response Specialist must be comfortable and confident when communicating to both technical and non-technical audiences and should have ability to multi-task and adjust based on priorities.
• Understand Incident Response processes and participate in analysis, containment, and eradication of cyber security events and incidents.
• Based on incident response analysis and lessons learnt, update and fine-tune detection and prevention processes for earlier detection.
• Identify the Security issues/vulnerability and help implement best security practices, consistently mature the Security Incident Response process, and build the team's technical investigative capabilities (process & technology).
• Conduct deep-dive analysis of security events and incidents to determine the root cause and extent of impact of critical security incidents.
Certification requirements: CEH, CCNA, Incident Handling Certification


SOC Infrastructure L3 Profile –
• 6+ years of experience in managing and maintaining the infrastructure, tools, and systems within the Security Operations Center (SOC).
• Excellent analytical and problem-solving skills, with the ability to analyze complex security incidents and identify actionable insights.
• Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
• Strong understanding of networking concepts, protocols, and technologies, including TCP/IP, DNS, DHCP, and routing.
• Manage and maintain SIEM, automation, threat management, and anti-APT solutions.
• Configure, deploy, and maintain the SOC platforms, including software updates, patches, and upgrades.
• Monitor the performance, health, and availability of the SOC infrastructure platforms and troubleshoot technical issues as needed.
• Manage user access controls, permissions, and role-based access within the SOC platforms.
• Develop and maintain runbooks, playbooks, standard operating procedures (SOPs), and design documents for SOC platforms.
• Continuously assess and optimize the SIEM configuration, correlation rules, and detection mechanisms to improve accuracy and reduce false positives.
• Conduct regular reviews of SIEM performance metrics, rule effectiveness, and alert thresholds to ensure alignment with security objectives.
• Integrate the SIEM platform with other security tools, systems, and data sources to enhance visibility and streamline security operations.
• Provide training and guidance to SOC analysts on SIEM best practices, use cases, and investigation techniques.
• Proficiency in scripting languages (e.g., Python, PowerShell) for automation and customization.
Certification requirements: CISSP; vendor-specific SIEM certifications are preferred.

• Understands how their daily work contributes to the priorities of the team and the business

How you’ll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center.

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Our purpose

Deloitte is led by a purpose: To make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte's impact on the world.

Recruiter tips

We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.