Job Title: T&T-Cyber-D&R-Security Information and Event Management (SIEM)-Manager-Delhi

Job requisition ID: 101087
Date: Apr 23, 2026
Location: Delhi
Designation: Manager
Entity: Deloitte Touche Tohmatsu India LLP

The Team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.

Your Work Profile

·        Lead and manage day-to-day SOC operations, ensuring 24/7 monitoring and incident response readiness.

·        Oversee security incident detection, triage, investigation, and response in line with SLAs.

·        Act as the escalation authority for high-severity and business-critical incidents.

·        Drive incident response strategy including containment, eradication, recovery, and lessons learned.

·        Manage and optimize Microsoft Sentinel deployment, including use case development and data onboarding.

·        Develop and enhance detection rules, analytics, and automation workflows in Microsoft Sentinel.

·        Ensure alignment of detections with MITRE ATT&CK and industry best practices.

·        Lead SOC team (L1/L2/L3 analysts), including hiring, mentoring, performance management, and training.

·        Define and track SOC KPIs (MTTD, MTTR, SLA adherence, false positive rates).

·        Oversee integration and optimization of security tools (SIEM, EDR, SOAR, DLP, etc.).

·        Drive threat hunting programs and proactive detection initiatives.

·        Ensure health and coverage of log sources across on-prem and cloud environments.

·        Lead incident reporting, including executive-level briefings and stakeholder communication.

·        Conduct post-incident reviews, tabletop exercises, and continuous improvement initiatives.

·        Collaborate with IT, cloud, risk, and compliance teams to strengthen security posture.

·        Manage vendor relationships and evaluate new security technologies.

·        Ensure compliance with security frameworks (ISO 27001, NIST, etc.).

Key Skills Required

·        Experience: 9+ years in cybersecurity with significant experience in SOC operations and team leadership.

·        Leadership: Proven experience managing SOC teams and handling large-scale security operations.

·        SIEM Expertise: Deep hands-on and architectural knowledge of Microsoft Sentinel.

·        Incident Response: Strong expertise in incident management, escalation handling, and crisis response.

·        Threat Frameworks: Advanced understanding of MITRE ATT&CK and cyber kill chain.

·        Security Tools: Experience with EDR, SOAR, threat intelligence platforms, and network security tools.

·        Cloud Security: Strong knowledge of Azure security, M365 Defender, and multi-cloud environments (AWS, GCP).

·        Automation & Scripting: Familiarity with PowerShell, Python, and SOAR playbook automation.

·        Metrics & Reporting: Ability to define KPIs, generate dashboards, and report to leadership.

·        Process Management: Expertise in developing SOPs, playbooks, and operational workflows.

·        Communication: Strong stakeholder management and executive communication skills.

·        Education: Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.

·        Preferred certifications:
         -  Microsoft SC-200
         -  Microsoft AZ-500
         -  GIAC certifications (GCIH, GCFA, GCIA)
         -  Certified Information Systems Security Professional (CISSP)
         -  Certified Ethical Hacker (CEH)