Senior Security Operations Analyst

Serve as the Global Event Monitoring Service (GEMS) Lead for all cyber threat detections for GEMS' SIEM. Develop and manage a comprehensive content maturity framework for the GEMS, incorporating the latest threat intelligence and security research to optimize GEMS's detection and response capabilities. Fine-tune alerting thresholds, implement automation processes, and empower GEMS analysts with the necessary tools and resources to improve security outcomes for the organizations. Improve the effectiveness of GEMS's threat detection content, reducing false positives, and automating alerts to enable GEMS analysts to focus on other critical areas of threat detection and response. Continuously review all operational cyber threat detection alert logic to ensure the logic will detect the malicious activity as intended. Lead a coordinated review for deprecation of all cyber thread detection alert logic which is no longer operationally relevant to the defense of Deloitte. Develop, maintain and keep current a system of record for all operational and deprecated cyber threat detection alert logic. Oversee the coordination of all activities related to the use and health of all operational cyber threat detection alerts within our SIEM and leveraged by GEMS's operations. Develop, maintain, and provide training on a process that effectively triages false positive alert spikes to prevent analyst fatigue and distraction which could lead to missing a true positive in the noise. Identify opportunities for improved cyber threat detection alerts. In coordination with the incident response, threat intelligence, engineering and GEMS team, improve and develop new content based on observed threat detection and response operations. Make recommendations to GEMS process teams for improved cyber investigation steps and best practices. Be responsive to GEMS's managers' requests for information related to cyber threat detection alert logic. Be responsive to GEMS's analysts need for support related to cyber threat detection alert logic. Mentor GEMS analysts and managers on cyber threat detection alert logic.

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Employer will accept a Bachelor's degree, or foreign equivalent degree, in Computer Science, Business Administration, Electronics Engineering, or related field and two (2) years of experience in the job offered or in an Information Security Analyst; IT Application Developer; or Technical Associate-related occupation.

Position requires 24 months of experience in the following special skills:

1. Perform cyber threat analysis and incident response across threat detection, investigation and initiate proper response actions using technologies including Splunk, Microsoft O365, Azure AD, Crowdstrike, BeyondTrust, ServiceNow SecOps, and Threat Grid.
2. Investigate cyber incidents from events triggered by IDS/IPS, Firewall, Proxy, endpoint protection devices, and other reports of unexpected network activity.
3. Work with cybersecurity operations and cybersecurity frameworks including Cyber Kill Chain, MITRE ATT&CK, Diamond Model, and NIST (The National Institute of Standards and Technology) Cybersecurity Framework.
4. Apply security frameworks to design and implement cybersecurity controls that protect against threats and mitigate risks.
5. Test and validate cyber threat detection alerts within Splunk and ensure alerts are effective in detecting and responding to potential threats while avoiding the generation of false positives or missing legitimate threats.
6. Review security content in Splunk to identify areas of improvement and ensure the content is effective in detecting and responding to threats.
7. Create, maintain, follow detailed operational processes and procedures to analyze, escalate, and support the remediation of critical information security incidents.
8. Coordinate with multiple teams to implement new or enhanced content using security applications including Splunk, Azure DevOps, ServiceNow SecOps, Crowdstrike, and BeyondTrust.
9. Manage cyber incidents up to the preliminary forensics processes.

*100% remote working permitted.

*Up to 5% Domestic and International travel required

EOE

Deloitte Global is required by local law to include a reasonable estimate of the compensation range for this role for individuals applying to work in our New York, NY location. This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and delivery model. We would not anticipate that the individual hired into this role would land at or near the top end of the range, but such a decision will be dependent on the facts and circumstances of each case. A reasonable estimate of the range is [$133,800 - $140,490 / year] for individuals applying to work in this location.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

XBAL24FB1124NYC323