Job Title:  T&T | Cyber : D&R | SOAR | Consultant | Mumbai

The team

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks: Learn more about Cyber | Deloitte

Your work profile

• The SOAR L2 Analyst is responsible for developing, maintaining, and optimizing security automation workflows using Palo Alto Cortex XSOAR. This role works closely with SOC, SIEM, and IR teams to automate incident response, reduce MTTR, and improve overall security operations efficiency.
• Design, develop, and enhance Cortex XSOAR playbooks for incident response and threat handling
• Integrate Cortex XSOAR with SIEM platforms, EDR, firewalls, ticketing systems, and threat intelligence feeds
• Perform L2 investigation and response for security incidents triggered through SOAR workflows
• Customize and script automations using Python, JavaScript, or XSOAR automations
• Optimize alert triage, enrichment, containment, and remediation workflows
• Troubleshoot playbook failures and integration issues
• Collaborate with SOC L1/L3 teams to improve detection-to-response processes
• Maintain documentation, SOPs, and use-case playbooks
• Support onboarding of new tools and integrations into SOAR
• Participate in continuous improvement to reduce MTTD and MTTR

Key Skills Required: 

• Education: - Any Graduate or B.E / B. Tech (Tier 1/2) in Computer Science, Information Technology or related fields 
• Hands-on experience with Palo Alto Cortex XSOAR (playbooks, integrations, automations)
• Strong understanding of SOC operations, incident response lifecycle, and MITRE ATT&CK
• Experience integrating SOAR with:
• SIEM (Splunk, QRadar, Sentinel, etc.)
• EDR/XDR (Cortex XDR, CrowdStrike, Sentinel One)
• Firewalls (Palo Alto Networks)
• Ticketing tools (ServiceNow, Jira)
• Scripting knowledge in Python (preferred) or JavaScript
• Knowledge of REST APIs, JSON, and data parsing
• Familiarity with threat intelligence platforms and enrichment sources
• Certifications (Good to Have) -Palo Alto Networks, PCSAE (Cortex XSOAR Automation Engineer) , PCCET / PCNSE , GIAC (GCIA, GCIH), CEH, or equivalent SOC certifications.
• Key KPIs - Reduction in MTTR through automation, Playbook success and stability rate , Incident handling efficiency and accuracy. and Automation coverage across SOC use cases