Job Title: Deputy Manager | Security Information and Event Management (SIEM) | Mumbai | Cyber Defense & Resilience

Job requisition ID: 105929
Date:  Jun 8, 2026
Location:  Mumbai
Designation:  Deputy Manager
Entity:  Deloitte Touche Tohmatsu India LLP

Deputy Manager | Security Information and Event Management (SIEM) | Bengaluru | Cyber Defense & Resilience

Experience: 6–8 Years

Location: Mumbai / Pune

Role Overview

We are looking for a skilled Google SecOps (Chronicle) Architect to design, implement, and optimize cloud-native SIEM solutions. The role focuses on building scalable security monitoring, detection, and response capabilities using Google Security Operations.

Key Responsibilities

  • Lead architecture, design, and implementation of Google SecOps (Chronicle SIEM & SOAR) solutions
  • Onboard and normalize security telemetry from multiple sources (cloud, network, endpoint, SaaS)
  • Develop detection rules, use cases, and threat hunting queries using Chronicle Query Language (UQL/YARA-L)
  • Design and optimize data pipelines, parsing, enrichment, and normalization strategies
  • Integrate Google SecOps with security tools (EDR, IAM, firewalls, threat intel platforms)
  • Implement and fine-tune alerting, correlation, and automated response workflows (SOAR)
  • Perform threat hunting, incident investigation, and root cause analysis
  • Ensure scalability, performance tuning, and cost optimization of the SecOps platform
  • Establish security best practices, governance, and compliance alignment
  • Collaborate with SOC teams to improve detection coverage and reduce false positives

Required Skills

  • Strong hands-on experience with Google SecOps (Chronicle SIEM/SOAR)
  • Expertise in SIEM architecture, log management, and security monitoring
  • Proficiency in detection engineering (YARA-L / UDM / UQL)
  • Experience in data ingestion, parsing, and normalization (UDM model)
  • Knowledge of security domains: network, endpoint, identity, cloud security
  • Experience with cloud platforms, especially Google Cloud Platform (GCP)
  • Understanding of threat frameworks (MITRE ATT&CK)
  • Familiarity with APIs and automation
  • Strong troubleshooting and performance optimization skills

Good to Have

  • Google Professional Security Engineer or Chronicle certification
  • Experience with SOAR playbooks and automation workflows
  • Exposure to multi-SIEM environments (Splunk, QRadar, Sentinel, etc.)
  • Programming/scripting knowledge (Python)
  • Experience with DevSecOps and Infrastructure as Code (Terraform)