Tier 3 Security Event Monitoring Analyst

at Deloitte

Rosslyn, Virginia, USA

Start Date: Immediate
Expiry Date: 21 Dec, 2024
Salary: Not Specified
Posted On: 24 Sep, 2024
Experience: 5 year(s) or above
Skills: Python, Security Incident Response, Information Management, Programming Languages, Threat Intelligence, Computer Science, DDoS, Java, Ruby, Malware Analysis, Continuous Monitoring, CISSP, IPS, System Operations, System Administration, IDS, GIAC, DLP, ArcSight
Telecommute: No
Sponsor Visa: No

Description:

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.
Work you’ll do

Strategic

  • Continually improves the service by identifying and correcting issues or gaps in knowledge capital (analysis procedures, plays, client network models), identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins and other “glue”

Operational

  • Monitors sources of tip-offs for potential security incidents, health alerts with monitored solutions, and requests for information. This includes the monitoring of real-time channels or dashboards, periodic reports, email inboxes, help-desk or other ticketing system, telephone calls, chat sessions
  • Follows incident-specific procedures to perform basic triage of said potential security incidents to determine their nature and priority and to eliminate obvious false positives, process health alerts, and process requests for information
  • Follows same procedures to perform light, timeboxed analyses of said potential security incidents, attempting to gather required information and eliminate false positives
  • Depending on escalation guidance and same procedures, escalates potential security incidents to L2 Analysts, implements countermeasures in response to others, performs light tuning (e.g. whitelisting) and recommends additional tuning to L2 Analysts
  • Documents all actions taken in a ticketing system
  • Serves as a subject matter expert in at least one security-related area (e.g. a specific malware solution, Python programming)
  • Provides shift status and metric reporting
  • Supports weekly Operations calls

Relationship Management

  • Coordinates, where applicable, with supporting third party security service vendors to triage alerts, events or incidents
  • Reports progress and escalates in a timely manner to the AMER Event Monitoring L2 Analyst
  • Seeks self-improvement and enhanced value by documenting a self-education roadmap and pursuing advancement to an L2 Analyst
  • Performs peer reviews and consultations with other L1 Analysts regarding potential security incidents

In this role you will:

  • Perform initial analysis and investigation into security alerts upon arrival in the global ticketing system
  • Proactively monitor internal networks and remediate incidents for over 400,000 Deloitte employees and 49 subsidiaries across the globe
  • Utilize enterprise Security Information and Event Management (SIEM) and Endpoint Detection & Response (EDR) tools in accordance with in-house playbooks and standard operating procedures (SOPs)
  • Identify and assist with the remediation of phishing campaigns as reported by Deloitte users
  • Advance the Global Security Operations Center’s internal processes and training operations
  • Work alongside international teams in compliance with industry standards
  • Be an active participant in 24x7 operations within a Follow-the-Sun model and 9-hour shifts

The team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in “what is” but rather “what can be” to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Qualifications

  • 5+ years of in-depth experience working with ArcSight and/or Splunk
  • Strong background in security incident response, system operations and threat intelligence
  • BA or BS in Computer Science or Information Management and relevant work experience
  • Two (2) or more relevant security certifications such as Certified Intrusion Analyst (GIAC), CISSP, Certified Ethical Hacker (CEH), Offensive Security Exploitation Expert (OSEE)
  • Experience with the following technologies: leading SIEM technologies, EDR solutions; knowledge of IDS/IPS, anti-virus solutions, network- and host-based firewalls, data leakage protection (DLP), web proxies, DNS, Windows/Unix system administration
  • Understanding of possible attack activities such as network reconnaissance probing/scanning, DDoS, malicious code activity, etc.
  • Thorough knowledge of malware analysis

Other Qualifications

  • Certifications include Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), CISSP, Certified Ethical Hacker (CEH), Certified Incident Handler (GCIH)
  • Basic knowledge in programming languages such as Python, Java or Ruby.

Our culture
At Deloitte Global people are valued and respected for who they are - with opportunities to bring their unique perspectives, talents and passions to business challenges. Our global workspace creates room for individuality and collaboration. Ours is an inclusive, supportive, connected culture with a focus on development, flexibility, and well-being. This culture makes Deloitte Global one of the most rewarding places to work, and to transform your career.
Professional development
From entry-level employees to senior leaders, we believe in investing in you, helping you identify and hone your unique strengths at every step of your career. We offer opportunities to build new skills, take on leadership opportunities, and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
Benefits
At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do; that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.

LI-Hybrid Hybrid work, remote may be an optio

REQUIREMENT SUMMARY

Min: 5.0 Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

BSc

Computer Science, Management

Proficient

1

Rosslyn, VA, USA