Job Title: T&T | Cyber: D&R | SIEM Sentinel | Consultant | Delhi
Location: Delhi
The Team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your Work Profile
· Monitor security alerts and events using Microsoft Sentinel and other SOC tools.
· Perform initial triage and classification of security incidents based on severity and impact.
· Investigate alerts from multiple sources such as Firewalls, IDS/IPS, EDR, Azure AD, and endpoints.
· Escalate validated incidents to L2/L3 teams following defined SLAs and playbooks.
· Document incidents, actions taken, and findings in ticketing systems (e.g., ServiceNow).
· Assist in basic incident response activities such as containment support and evidence collection.
· Analyze logs from various sources including Azure resources, Windows systems, and network devices.
· Follow standard operating procedures (SOPs) and incident response playbooks.
· Monitor health of log sources and report any ingestion or visibility issues.
· Support threat detection by identifying suspicious patterns and anomalies.
· Participate in shift-based SOC operations (24/7 monitoring if applicable).
· Collaborate with SOC team members to improve detection rules and reduce false positives.
· Experience: 2+ years in SOC monitoring / cybersecurity operations.
· SIEM Knowledge: Hands-on experience with Microsoft Sentinel (preferred) or other SIEM tools.
· Basic Incident Response: Understanding of incident lifecycle (Detection → Triage → Escalation).
· Log Analysis: Ability to analyze logs from Windows, Azure AD, firewalls, and endpoints.
· KQL (Kusto Query Language): Basic knowledge for querying logs in Sentinel.
· Security Tools Exposure: Familiarity with EDR tools (e.g., Microsoft Defender, CrowdStrike).
· Networking Fundamentals: Understanding of TCP/IP, DNS, HTTP/S, VPN concepts.
· Operating Systems: Basic knowledge of Windows and Linux environments.
· Threat Frameworks: Awareness of MITRE ATT&CK framework.
· Cloud Basics: Exposure to Azure security concepts and services.
· Communication Skills: Ability to document incidents and communicate findings clearly.
· Bachelor's degree in Computer Science, Cyber Security, or a related field.
· Preferred certifications: CompTIA Security+, Microsoft SC-200, CompTIA CySA+.