▷ (Apply in 3 Minutes) USI - FY26 - Cyber Defense & Resilience - SIEM (Azure Sentinel) - Manager

Job Description Summary Position Summary Cyber Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. As a leader in the field, we empower our clients to transform their security posture and navigate the ever-evolving threat landscape. Join our team to drive impactful change , deliver strategic insights, and help organizations Position Summary Level: Manager Work you'll do As a Manager , you will be playing an integral role in defining cloud security strategies, designing cloud security architecture using cloud-native or third-party security services, developing strategies to secure cloud migration, and identifying opportunities to automate security processes to enhance and secure client's cloud environment on Microsoft Security Platform. This will include: - Determine security requirements for cloud-based solutions by evaluating business strategies and requirements - Executing on Cloud security engagements across the lifecycle strategy, design, implementation and operations - Responsible for supervising the work of team members and supporting delivery teams and staff - Conducting cloud security analysis of clients Cloud platforms/environments. This can include IaaS, PaaS and SaaS Cloud platforms such as Azure and M365 - Expe rience in a rchitect ing , designing , and implemen ting the deployment of Cloud Services (Azure, AWS, GCP), Microsoft Sentinel, EDR, and XDR solutions to enhance clients security posture . - Experience in forming KQL queries and functions for complex detection and monitoring requirements. - E xpertise in building custom analytical rules, tuning of analytical rules, building automation through Azure logic apps, management of entire product feature , end to end configuration. - Ability to create clear and concise reports on security data and threats, including data visualization techniques . - Must have strong knowledge in MITRE attack framework and expertise in developing analytical rules and custom dashboards/workbooks across framework. - Assisting clients with m igrating from existing SIEM solution (other platforms) to Microsoft Sentinel. - Expertise in log management, retentions , maintenance of logs at low cost, performing access management , developing new custom dashboard based on different requirements. - Must have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and maintenance of local agents. - Expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel must have requirements. Experience with third-party data brokering service is a plus. - Experience with threat intelligence integration and UEBA (User and Entity Behavior Analytics ) . - Experience with scripting and automation tools (e.g., PowerShell, Python , Terraform ) for security operations - Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures. - Develop , i mplement and refine automation playbooks in Microsoft Sentinel. - Devise and document new procedures and runbooks/playbooks as directed. - Create cyber and threat hunting queries to enable the Intelligence team to conduct advanced investigations when required . - Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc. - Experience in connecting native and third - party custom /SaaS applications with SIEM . - Design and develop cloud security policies and enforce using cloud-native services or third-party solutions such CSPM (Wiz, Prisma Cloud), CASB/CWPP. - Provide product best fit analysis to ensure end to end security covering different aspects of secure architecture e.g., layered security, zoning, API security, endpoint security, data security, data security, logging. - Experience in deploying and managing Microsoft Defender for Cloud and configuring Defender for Servers in Cloud and On-Premises. - Experience in leveraging Security Copilot, create custom prompts and integrate with threat sources - Knowledge of Advanced Persistent Threats (APT) tactics, technics and procedures. - Acting as a subject matter expert on cyber risk for the Microsoft Sentinel, EDR & XDR platforms. - Preference will be given for candidates completed Sentinel Ninja Level 400 Training and Certification. - Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc. - Having knowledge and hands-on experience in Microsoft Defender XDR stack will be an added advantage. - Experience d in working with stakeholders to solve technical issues and to support and deliver complex business, security and operational requirements. - A bility to work with vendor technical support group and driving issues towards effective and permanent closure. The Team Cyber Defense & Resilience teams support clients in defending against sophisticated cyber threats by transforming security operations through advanced technology, data analytics, and threat intelligence. They ensure organizations are ready to respond and recover from business disruptions by continuously monitoring client environments and delivering rapid crisis and cyber incident response. A cornerstone of their approach is robust Attack Surface Management (ASM), which enables proactive identification, prioritization, and remediation of vulnerabilities across networks, applications, cloud assets, and endpoints. Through these integrated servicesoperational resilience, incident response, and security operations center transformationclients benefit from stronger protection of their dynamic digital ecosystems and enhanced resilience against evolving cyber risks. Qualifications Must Have Skills/Project Experience/Certifications: - 10 + years of experience in technical consulting, client problem solving, architecting, and designing solutions around Microsoft Sentinel , EDR & XDR platforms - Strong working knowledge of IT service management (e.g., ITIL-related disciplines) - Understanding industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST CSF, NIST 800-53, PCI DSS, SOC2, HIPAA, PCI, SOX, GLBA, etc. - Working experience in at least one of the areas listed below. - 6 + years of h ands-on technical experience enterprise-with Microsoft Security management services ( Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti- Virus, Sandboxing, network and host-based firewalls, Threat Intelligence, Vulnerability Assessment, Penetration Testing, etc .) - Ideally the following technical experience: - 8 + years of hands-on technical experience implementing SIEM , EDR, XDR focused security solutions for Microsoft technologies Education: - B .Tech /B E/BCA/MCA Degree required . Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Good to Have Skills/Project Experience/Certifications: - Certifications such as: Microsoft new roles-based certifications ( eg. SC 2 00) , CCSP, CCSK, CISSP, CCNP, CCNA , Security+ certification a plus . Our purpose Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financiallyand live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 312347