Job Title:  T&T-Cyber-D&R- Security Information and Event Management (SIEM), Assistant Manager-Gurgaon

Job requisition ID ::  101085
Date:  Apr 23, 2026
Location:  Delhi
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP


The team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient, not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Key Responsibilities:

·        Investigate and respond to escalated security incidents from L1 analysts.

·        Perform in-depth analysis of alerts and events using Microsoft Sentinel and other security platforms.

·        Execute incident response activities including containment, eradication, and recovery.

·        Correlate data from multiple sources: Firewalls, IDS/IPS, EDR, Azure AD, endpoints, and cloud environments.

·        Conduct root cause analysis and identify attack vectors and impacted assets.

·        Develop and fine-tune detection rules, analytics, and hunting queries in Microsoft Sentinel.

·        Utilize KQL (Kusto Query Language) to perform advanced threat hunting and log analysis.

·        Work with SOAR capabilities to automate response actions and improve efficiency.

·        Create and maintain incident response playbooks, SOPs, and runbooks.

·        Provide detailed incident reports and technical briefings to stakeholders.

·        Assist L1 analysts in triage and provide mentorship and guidance.

·        Monitor and ensure health and integrity of log ingestion pipelines.

·        Participate in threat hunting and proactive detection initiatives.

·        Collaborate with cross-functional teams (IT, Cloud, Security Engineering).
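The detection-engineering and KQL hunting duties above are easier to picture with a concrete query. The following is an added illustration, not part of the job posting and not Deloitte or Microsoft code: a Sentinel-style analytics rule that flags a password spray (one source IP failing against many distinct accounts) followed by a successful sign-in from the same IP. The events are constructed inline with `datatable` so the query runs in any Log Analytics or Kusto query window without a live workspace; the column names mirror the `SigninLogs` table, the `ResultType` values 50126 (invalid credentials) and 0 (success) are the Entra ID sign-in result codes, and the threshold `minDistinctUsers`, the `lookback` window and the IP addresses are assumptions chosen for the example.

```kql
// Constructed sample sign-in events (not real telemetry), shaped like the SigninLogs columns used below.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string, IPAddress:string, ResultType:string, AppDisplayName:string)
[
    datetime(2026-04-20 09:00:00), "alice@contoso.example", "203.0.113.10", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:00:05), "bob@contoso.example",   "203.0.113.10", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:00:09), "carol@contoso.example", "203.0.113.10", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:00:14), "dave@contoso.example",  "203.0.113.10", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:00:20), "erin@contoso.example",  "203.0.113.10", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:00:31), "frank@contoso.example", "203.0.113.10", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:01:02), "erin@contoso.example",  "203.0.113.10", "0",     "Office 365 Exchange Online",
    // A single user failing and then succeeding from another IP is normal behaviour and must not alert.
    datetime(2026-04-20 09:05:00), "alice@contoso.example", "198.51.100.7", "50126", "Office 365 Exchange Online",
    datetime(2026-04-20 09:06:00), "alice@contoso.example", "198.51.100.7", "0",     "Office 365 Exchange Online"
];
// Tuning knobs (assumed values): how many distinct accounts one IP must fail against,
// and how long after the last failure a success is still tied to the spray.
let minDistinctUsers = 5;
let lookback = 1h;
// Step 1: per source IP, count distinct accounts that received an invalid-credential failure.
// ResultType "50126" = AADSTS50126 InvalidUserNameOrPassword.
let SprayingIPs = SampleSignins
    | where ResultType == "50126"
    | summarize FailedUsers = dcount(UserPrincipalName),
                FailedAttempts = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
              by IPAddress
    | where FailedUsers >= minDistinctUsers;
// Step 2: surface any successful sign-in (ResultType "0") from a spraying IP inside the spray window.
// This is the high-fidelity signal: spray alone is noise, spray followed by success is a likely compromise.
SampleSignins
| where ResultType == "0"
| join kind=inner SprayingIPs on IPAddress
| where TimeGenerated between (FirstFail .. (LastFail + lookback))
| project SuccessTime = TimeGenerated,
          CompromisedAccount = UserPrincipalName,
          IPAddress,
          FailedUsers,
          FailedAttempts,
          FirstFail,
          LastFail,
          AppDisplayName
```

On the constructed data the query returns one row: `erin@contoso.example` succeeding from 203.0.113.10 after that IP failed against six distinct accounts; 198.51.100.7 is dropped because it only failed against one user. To turn this into a scheduled analytics rule, replace the `SampleSignins` datatable with `SigninLogs | where TimeGenerated > ago(24h)`, map `CompromisedAccount` and `IPAddress` to the Account and IP entities so the incident carries them, and keep `minDistinctUsers` high enough that a help-desk password reset wave does not trip it.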


Required Skills & Expertise

·        Experience: 4+ years in SOC operations, incident response, or cybersecurity monitoring.

·        SIEM Expertise: Strong hands-on experience with Microsoft Sentinel and other SIEM tools.

·        Incident Response: Solid understanding of incident response lifecycle and handling real-world incidents.

·        Threat Frameworks: Working knowledge of MITRE ATT&CK and cyber kill chain concepts.

·        Log Analysis: Ability to analyze and correlate logs across network, endpoint, and cloud sources.

·        KQL: Proficiency in writing complex queries for investigation and threat hunting.

·        EDR Tools: Hands-on experience with tools like Microsoft Defender, CrowdStrike, SentinelOne, etc.

·        Operating Systems: Strong knowledge of Windows, Active Directory, and basic Linux systems.

·        Networking: Good understanding of network protocols (TCP/IP, DNS, HTTP/S, VPN).

·        Cloud Security: Experience with Azure security monitoring and cloud-native threats.

·        SOAR Exposure: Familiarity with automation tools and playbook execution.

·        Communication: Ability to create detailed reports and communicate with technical and non-technical stakeholders.

·        Experience with malware analysis and basic forensic investigation.

·        Knowledge of Azure Defender, M365 Defender, and identity-based threats.

·        Scripting knowledge (PowerShell, Python) for automation.

·        Experience working in MSSP or enterprise SOC environments.

·        Exposure to threat intelligence platforms and IOC-based investigations.

·        Bachelor's degree in Computer Science, Cyber Security, or a related field.

Preferred certifications:

·        Microsoft SC-200

·        CompTIA Security+

·        CompTIA CySA+

·        GIAC (GCIH preferred) or equivalent certifications