Consultant - Security Information and Event Management Job in Mumbai at Deloitte

Deloitte is hiring for the role of Consultant - Security Information and Event Management!

Responsibilities of the Candidate:

• Develop, test, and implement custom SIEM rules, correlation logic, and use cases to detect security threats.
• Continuously improve and tune existing detection content to reduce false positives and enhance detection accuracy.
• Build and maintain complex correlation rules, dashboards, and alerts tailored to organizational needs.
• Stay current with emerging threats and vulnerability trends, ensuring SIEM content is aligned with the latest threat intelligence.
• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.
• Creating SIEM rules to fulfill requirements provided by customers in their security use cases.
• SIEM Administrator is responsible for maintaining client’s SIEM appliance by making sure all SIEM deployment devices are working properly, efficiently and with desired performance.
• Inform L3 team of proactive and reactive actions to minimize false positives
• Identifying the risk for Infrastructure and executing the plan to reduce the risk.
• Driving End to End Internal and External Audits related to content management.
• Responsible to Perform detailed investigation on security log data events.
• Security Analysis using Industry standard tools and technologies.
• Preparing detailed run book for each Use case for creating the SOAR playbook
• Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.
• Have knowledge in device integration for log collection and developing custom parser for unsupported log source integration.
• Creating security Usecases and mapping it line to MITRE ATTACK and Cyber Kill Chain phases.

Requirements:

• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, and incident management.
• Fundamental understanding of network traffic analysis, including TCP/IP, routing, switching, and protocols.
• Experience in creating SIEM rules based on customer-provided security use cases.
• Ability to perform active analysis on security vulnerabilities, advisories, incidents, and attack techniques.