Apply now »

Job Title:  T&T I Cyber-D&R I Manager | Microsoft Defender -EDR | Bengaluru, Hyderabad, Pune, Mumbai, Delhi

Job requisition ID ::  105245
Date:  May 22, 2026
Location:  Bengaluru
Designation:  Manager
Entity:  Deloitte Touche Tohmatsu India LLP

T&T I Cyber-D&R I Manager | Microsoft Defender -EDR | Bengaluru, Hyderabad, Pune, Mumbai, Delhi
Job requisition ID : 105245 
Location: Bengaluru
Entity: Deloitte Touche Tohmatsu India LLP 

 

The team 

 

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at    how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.  Learn more about Cybersecurity  

 

Your Work Profile 

We are looking for a senior security engineering professional to design, build, and scale the Microsoft Defender security platform across enterprise environments. This is a hands-on engineering role, focused on platform architecture, integrations, automation, and coverage expansion—not SOC operations.

Ideal candidate will be responsible for the end-to-end engineering lifecycle of Microsoft Defender solutions, driving deep integration across hybrid infrastructure, improving telemetry quality, and enabling downstream detection and response teams through robust, scalable security infrastructure.

 

Key Skills required

10+ years in Cybersecurity Engineering / Platform Security 

1. Platform Architecture & Engineering

  • Design and implement scalable architecture for:
  • Microsoft Defender XDR ecosystem
  • Defender for Endpoint, Identity, Office 365, and Cloud
  • Define engineering standards, deployment patterns, and configuration baselines
  • Drive Zero Trust security architecture using Microsoft security capabilities

 

2. Deployment & Integration

  • Lead enterprise-wide rollout and onboarding for:
  • Endpoints (Windows, Linux, macOS, servers)
  • Identities (Active Directory, Azure AD)
  • Email and collaboration platforms (M365)
  • Cloud workloads (Azure, AWS, GCP)
  • Integrate Defender stack with:
  • Microsoft Sentinel (SIEM)
  • SOAR platforms (e.g., Logic Apps, Google SOAR)
  • Third-party tools via APIs

 

3. Telemetry & Data Engineering

  • Ensure high-quality signal ingestion across all Defender components
  • Engineer log pipelines and normalization for:
  • Endpoint telemetry
  • Identity signals
  • Cloud activity logs
  • Optimize telemetry for coverage, performance, and cost efficiency

 

4. Automation & Orchestration

  • Build engineering-driven automation for:
  • Device onboarding and configuration
  • Policy enforcement
  • Alert enrichment pipelines
  • Develop reusable scripts and frameworks using:
  • PowerShell, Python, ARM/Bicep/Terraform
  • Enable infrastructure-as-code (IaC) for Defender configurations

 

5. Detection Enablement (Engineering Support)

  • Partner with SOC and Threat Hunting teams to:
  • Enable logging and telemetry required for detections
  • Deploy custom detection rules (KQL-based)
  • Maintain detection infrastructure, not run operations

 

6. Coverage & Gap Engineering

  • Identify and remediate visibility gaps across:
  • Legacy systems
  • Unmanaged endpoints
  • Multi-cloud environments
  • Drive onboarding strategies for hard-to-cover assets

 

7. Performance, Hardening & Optimization

  • Optimize Defender configurations for:
  • Performance impact on endpoints
  • Noise reduction (engineering-side tuning)
  • Licensing efficiency
  • Harden configurations to meet compliance and security standards

 

8. Governance & Platform Reliability

  • Define and enforce engineering SLAs for:
  • Platform uptime
  • Data availability
  • Integration reliability
  • Build monitoring for platform health and telemetry pipelines

 

9. Leadership & Collaboration

  • Act as technical SME for Microsoft security platform
  • Collaborate with:
  • Cloud engineering teams
  • Endpoint management teams
  • Identity teams
  • Mentor junior engineers and define engineering best practices

 

Required Skills & Expertise

Core Technical Skills

  • Deep hands-on experience with:
  • Microsoft Defender for Endpoint (MDE)
  • Defender for Identity (MDI) (Entra ID)
  • Defender for Office 365
  • Defender for Cloud (CSPM & CWPP)
  • Defender for Cloud Apps
  • Strong expertise in Defender XDR architecture

 

Data & Querying

  • Working knowledge of:
  • KQL (Kusto Query Language)
  • Understanding of log pipelines and SIEM integration

 

Preferred Certifications

  • Microsoft:
  • SC-200, SC-300, SC-100
  • Azure Security Engineer (AZ-500)
  • CISSP / CISM (optional but valuable)

 

Key Differentiators for This Role

  • 100% engineering-led role (NOT SOC operations)
  • Focus on:
  • Platform build & scale
  • Telemetry engineering
  • Automation & integration
  • Success measured by:
  • Coverage completeness
  • Platform reliability
  • Engineering maturity
  • Bachelor’s/Master’s degree  

 

 

 

Apply now »