Apply now »

Job Title:  T&T | Cyber : D&R | SIEM Use Case & Engineering | Assistant Manager | Mumbai

Job requisition ID ::  96269
Date:  Apr 19, 2026
Location:  Mumbai
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

T&T | Cyber : D&R | SIEM Use Case & Engineering | Assistant Manager | Mumbai
Job requisition ID : 96269 
Location: Mumbai
Entity: Deloitte Touche Tohmatsu India LLP 

The team

 

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more about Cybersecurity 

 

Your work profile

 

The SIEM Use Case & Engineering L2 Analyst is responsible for designing, implementing, tuning, and maintaining SIEM detection use cases. The role focuses on improving threat detection coverage, reducing false positives, and aligning detections with the MITRE ATT&CK framework and business risk.

 

 

Key Skills Required

 

  • 6 years of experience
  • Design, develop, and maintain SIEM use cases and detection rules
  • Tune correlation rules to improve accuracy and reduce false positives
  • Map detections to MITRE ATT&CK tactics and techniques
  • Develop and optimize log parsing, normalization, and enrichment
  • Onboard and validate new log sources (security, infrastructure, cloud)
  • Conduct detection gap analysis and threat coverage assessments
  • Support threat hunting activities and proactive detection development
  • Collaborate with SOC, IR, and SOAR teams for end-to-end response
  • Maintain use case documentation, runbooks, and dashboards
  • Strong hands-on experience with SIEM platforms (QRadar, Splunk, Sentinel, ArcSight, Elastic, etc.)
  • Expertise in:
  • Correlation rule logic and detection engineering
  • Log analysis and event normalization
  • False-positive reduction techniques
  • MITRE ATT&CK framework
  • Network, endpoint, identity, and cloud security logs
  • Experience with:
  • SIEM query languages (AQL, SPL, KQL, Lucene, etc.)
  • Threat intelligence integration
  • SIEM–SOAR integration (preferred)
  • SIEM certifications (IBM QRadar, Splunk, Microsoft Sentinel)
  • GCIA, GCIH, or equivalent
  • MITRE ATT&CK or Detection Engineering–focused training
  • Education B. E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields

 

 

 

Apply now »