Note: The job is a remote job and is open to candidates in USA. Deloitte is a leading company in cybersecurity solutions, seeking a SIEM Engineer to support security monitoring and incident analysis. The role involves building and optimizing SIEM content and improving alert fidelity to enhance clients' cyber defense capabilities.
Responsibilities
- Configure, maintain, and optimize SIEM content including correlation rules, alerts, dashboards, and reports
- Analyze security events and log data to identify suspicious activity, support investigations, and improve detection coverage
- Integrate and normalize log sources from endpoint, network, cloud, identity, and security platforms
- Partners with cybersecurity teams to support use case development, threat detection, incident triage, and response activities
- Document detection logic, operational procedures, and monitoring requirements to support consistent service delivery
Skills
- Bachelor's degree in computer science, Cybersecurity, Information Technology, Engineering, or a degree in related technical field
- Active Secret Clearance
- 3+ years of experience in cybersecurity, security operations, or SIEM engineering
- 3+ years of experience with at least one of the following: Splunk, Palo Alto XSIAM, or Crowdstrike NG SIEM
- 2+ years' experience in creating, tuning, and maintaining correlation searches, alerts, dashboards, and reports in a Security Information and Event Management platform
- 2+ years' experience in reviewing and analyzing logs from endpoint, network, cloud, identity, and application sources
- Security certification such as Splunk certification, Palo Alto Networks certification, or CrowdStrike certification is required
- Ability to travel up to 20%, on average, based on the work you do and the clients and industries/sectors you serve
- Must be willing to work at client onsite or Deloitte office for up to 5 days a week
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
- 2+ years' experience supporting enterprise monitoring in a Security Operations Center
- Experience onboarding and normalizing log sources in a Security Information and Event Management platform
- Experience mapping detections to MITRE ATT&CK techniques
- Experience with cloud security monitoring in Amazon Web Services, Microsoft Azure, or Google Cloud Platform
- Hands-on experience with scripting or query languages used for detection and log analysis
- Security certification such as CompTIA Security+, or GIAC certification
Benefits
- You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
- Deloitte is committed to providing reasonable accommodations for people with disabilities. If you require a reasonable accommodation to participate in the recruiting process, please direct your inquiries to the Global Call Center (GCC) at [email protected].
- We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship.
- From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Company Overview