Job Title: T&T-Cyber-D&R | Security Information and Event Management (SIEM) | Deputy Manager | Delhi

Job requisition ID: 101084
Date: Apr 23, 2026
Location: Delhi
Designation: Deputy Manager
Entity: Deloitte Touche Tohmatsu India LLP


The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.


Your Work Profile

· Lead and manage end-to-end incident response for critical and high-impact security incidents.

· Act as the final escalation point for complex investigations from L1/L2 analysts.

· Perform advanced threat hunting using Microsoft Sentinel and integrated security tools.

· Conduct deep forensic investigations including endpoint, memory, disk, and network forensics.

· Analyze sophisticated attack techniques, malware behavior, and adversary tactics.

· Develop and optimize advanced detection rules, analytics, and threat hunting queries in Microsoft Sentinel.

· Map incidents and detections to MITRE ATT&CK techniques and improve coverage.

· Design, implement, and maintain SOAR playbooks for automated response and orchestration.

· Drive root cause analysis and provide strategic recommendations to prevent recurrence.

· Produce executive-level incident reports and lead stakeholder briefings.

· Lead post-incident reviews, tabletop exercises, and simulation activities.

· Mentor L1/L2 analysts and provide technical leadership within the SOC.

· Evaluate and onboard new security tools, technologies, and detection capabilities.

· Collaborate with engineering teams to enhance log visibility and telemetry coverage.

· Define and track KPIs/metrics for SOC performance and incident response effectiveness.

· Support threat intelligence integration and proactive defense strategies.

Key Skill Required

· Experience: 6+ years in cybersecurity with a strong focus on incident response, SOC operations, and threat hunting.

· SIEM Mastery: Deep expertise in Microsoft Sentinel including architecture, onboarding, and advanced analytics.

· Incident Response Leadership: Proven experience leading major incident investigations and response efforts.

· Threat Frameworks: Expert-level understanding of MITRE ATT&CK, cyber kill chain, and adversary tactics.

· Digital Forensics: Hands-on experience with forensic tools (EnCase, FTK, Volatility, etc.).

· Threat Hunting: Advanced skills in proactive threat hunting and hypothesis-driven investigations.

· KQL Expertise: Strong proficiency in complex query building, analytics rule creation, and data correlation.

· EDR Technologies: Deep experience with Microsoft Defender, CrowdStrike, SentinelOne, etc.

· Operating Systems: Advanced knowledge of Windows internals, Active Directory, and Linux systems.

· Networking: Strong understanding of network protocols, traffic analysis, and intrusion detection.

· Cloud Security: Expertise in Azure security, M365 Defender, and multi-cloud environments (AWS, GCP).

· SOAR & Automation: Strong experience with automation platforms and scripting (PowerShell, Python).

· Malware Analysis: Knowledge of malware behavior, reverse engineering basics, and threat actor techniques.

· Communication: Ability to present technical findings to executive leadership and non-technical stakeholders.

· Experience in leading SOC transformations or building detection engineering practices.

· Strong background in threat intelligence integration and adversary emulation.

· Experience working in large enterprise or MSSP environments.

· Bachelor’s degree in Computer Science, Cyber Security, or a related field (Master’s preferred).

· Knowledge of compliance frameworks (ISO 27001, NIST, etc.).