Job Title:  Assistant Manager | Security Information and Event Management (SIEM) | Delhi | Cyber Defense & Resil

The team  

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at     how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more about  Cybersecurity

Key Responsibilities

• Work closely with security teams to understand detection requirements and translate them into Microsoft Sentinel analytics rules and use cases
• Design, implement, and test Sentinel use cases to detect specific security threats and attack patterns
• Continuously optimize analytics rules to improve detection accuracy and reduce false positives
• Develop and maintain KQL (Kusto Query Language)–based analytics, hunting queries, and workbooks
• Tune alerts to ensure they are actionable and aligned with SOC operational needs
• Configure data connectors to onboard logs from Microsoft and third-party sources
• Ensure data is normalized and enriched using ASIM (Advanced Security Information Model) and threat intelligence
• Set appropriate alert thresholds based on behavioral analysis and threat intelligence
• Maintain detailed documentation for Sentinel use cases, including design, implementation, and tuning procedures
• Generate reports and dashboards to measure the effectiveness and performance of Sentinel detections
• Collaborate with SOC analysts, incident responders, and IT teams to ensure use cases align with operational workflows
• Work with Microsoft and partner vendors to troubleshoot issues and leverage new Sentinel features
• Proactively research and implement innovative detection techniques using threat hunting and analytics

• Develop and tune detection use cases leveraging Defender for Endpoint advanced hunting
• Correlate endpoint telemetry with Sentinel analytics for improved incident visibility
• Translate MITRE ATT&CK TTPs into endpoint-focused detection and response use cases
• Optimize Defender alerts and policies to minimize noise while maintaining strong security coverage
• Design and develop Sentinel automation rules and Logic App–based playbooks to respond to common security incidents
• Create automated workflows for alert enrichment, containment, and remediation actions
• Integrate Sentinel with Microsoft Defender, Entra ID, ServiceNow, firewalls, and threat intelligence platforms
• Automate enrichment of alerts with contextual data to improve analyst decision-making
• Develop automation use cases based on recurring incident scenarios and threat patterns
• Continuously tune automation workflows to improve efficiency and reduce response times
• Monitor the health and performance of automation workflows and playbooks
• Establish feedback loops with SOC teams to refine automation effectiveness
• Maintain detailed documentation for automation workflows, playbooks, and scripts
• Write and maintain scripts (e.g., PowerShell, Python) to support security automation and integrations
• Utilize RESTful APIs to enable communication between Sentinel, Defender, and third-party security tools

Key Skills Required

• • Strong hands-on experience with Microsoft Sentinel (SIEM & SOAR)
  • Strong expertise in Microsoft Defender for Endpoint
  • Experience configuring, managing, and optimizing Sentinel analytics rules, workbooks, and automation
  • Proficiency in KQL (Kusto Query Language) for detections, hunting, and investigations
  • Experience developing and managing Logic Apps–based playbooks
  • Strong scripting skills in PowerShell and/or Python for automation and integration
  • Experience working with REST APIs and JSON
  • Solid understanding of MITRE ATT&CK and converting TTPs into detection and response use cases
  • Experience integrating Sentinel with Microsoft security tools and third-party platforms
  • SOC Operations experience with a focus on SIEM use case development and SOAR automation
  • Strong stakeholder engagement and communication skills 
  • Education B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields 
  • Experience Required - 4 to 6 years
  • Base location: Koramangala - Bangalore (Mandatory client deputation) 
  • Professional is required to work from office 
  • Shall have 4-6 Years of experience and proposed OEM certifications