Deloitte Job - 30877706 | CareerArc
  Search for More Jobs
Get alerts for jobs like this Get jobs like this tweeted to you
Company: Deloitte
Location: Chicago, IL
Career Level: Mid-Senior Level
Industries: Business Services, Consulting


Cyber Risk – Managed Threat Services SIEM Engineer – L3

Are you interested in improving the cyber risk protection of leading companies? If your response is yes, consider joining Deloitte & Touche LLP's growing Cyber Risk Vigilant Fusion Center. Our Fusion Center analysts and engineers assist our clients with identifying unauthorized activities and intrusions in their networks in real time.

Work you'll do

  • The Managed Threat Services Engineer position supports the Security Operations Center (SOC) as an advanced escalation point identifying and addressing potential information security incidents. This role is also responsible for supporting architecture changes, tool deployments and advanced content development:
  • Onboard advanced data sources, create new custom parsers and SIEM architecture assessment and design reviews
  • Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs).
  • Keep abreast of latest IT security, regulatory and compliance trends to support, compare and contrast analysis across various risk models. Understand how to take this knowledge and apply it to the SOC.
  • Deliver advisory support and education relating to the SIEM to other technology personnel and to technology management.
  • Assist in Use Case Roadmap development for client and updating Use Cases into UC Repository
  • Advanced Use Case development (Use Case from Roadmap as well as hunting related UCs)
  • Help structure our content development pipelines across clients based on the maturity of the client environments as well as the latest trends in security
  • Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements
  • Develop scripts to simplify data collection and other laborious tasks that are necessary to occur throughout onboarding of log sources
  • Review and critique system security plans, network diagrams, and other security documentation as part of vulnerability engagements
  • Quality review for HLUC, TUC, UC Testing, Parser, Runbooks and other Technical documents
  • Submitting documentation through the QRM process
  • 24/7 on-call support (as needed)
  • Be the central POC for all escalations
  • Managing and providing knowledge transfer to Junior Cyber Security Engineers
  • Coordinate with various technical groups and attend in-person client meetings
  • Build relationship with client counterpart (i.e. Lead Security Engineer on Client side)
  • Participation in rotation with the Analysts and SOC Operations Lead as part of training
  • Travel requirement: Less than 10%
  • Location requirement: Work can be done remotely from any location in the US.

The team

Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TMcyber risk programs. Join the team developing the future state of cyber risk solutions.Learn more about Deloitte Advisory's Cyber Risk Services practice.



§ Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

§ In depth experienced with the following technologies: leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness, LogRhythm or Splunk, IDS/IPS, network- and host- based firewalls, data leakage protection (DLP), DAM (Database activity monitoring), User and Network Behavior Analytics, End Point Solutions, and third-party monitoring tools such as Nagios, WhatsUp Gold or SolarWinds.

§ Five plus years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, log analysis, intrusion detection

§ Must have been in a Level 2 Engineer role for at least two years

§ Understanding of Python or other scripting languages, TCP/IP stack, and UNIX/Linux environment


§ Strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends, and techniques

§ Familiarity with tools such as: IDS/IPS, DLP, Proxy, WAF, EDR, AV, MVM, Sandboxing, FWs, Threat Intel, Pen Testing, APT

§ Experience with Intrusion Detection Systems, Firewalls, Proxy Servers, Antivirus, NAC, or other network security infrastructure

§ Ability to analyze complex issues for impact and alternative solutions, making logical decisions based on client objectives.

§ In depth hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration , Active Directory, Windows Workstation, Routers /Switches management, Firewall Management, SANS/NAS, Web servers, IAM/AAA, IDS/HDS, System vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or Secure coding

§ In depth understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.

§ Proven SOC process knowledge

§ Advanced knowledge in system security architecture and security solutions


§ MS in Computer Science or Information Management desirable or equivalent work experience

§ Excellent interpersonal and organizational skills

§ Excellent oral and written communication skills

§ Self-motivated to improve knowledge and skills

§ Detail oriented

§ A strong desire to understand the what as well as the why and the how of security incidents

§ Works well both in a team environment and independently

§ A desire to lead a team and assist and mentor others

As used in this posting, “Deloitte Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available.

Requisition code: E20NATFSLDMSS905FEN

 Apply on company website