Cyber
Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape. Through powerful insights and managed services that simplify complexity, we enable businesses to operate with resilience, grow with confidence, and proactively manage to secure achievements.
Position Summary
Level: Lead Solution Advisor
Work you’ll do:
As a SOAR Automation Developer, you will be part of the CDR Automation team. You need possess an understanding of Indicators of Compromise, characterization and forensic engineering of compromised systems, operations security, compliance, mitigation, and analysis through tools that detect advanced threats.
Develop automation playbooks using modern SOAR Platforms (for example, Tines, Splunk SOAR, Swimlane, Palo XSOAR) to support Security Operations
Design and Develop Integration solutions to other security appliances and not limiting to Exabeam, Chronical, Crowdstrike, Splunk ES by leveraging SOAR Platform
Test, customize and master APIs for off-the-shelf and common security and IT tools
Maintain a solid understanding of the Cyber Security Operation Center (people, process, SIEM technology), goals, and security initiatives
Identify and recommend operational improvements to the Deloitte Cyber Service, drawing on SOC operational experience and industry specific knowledge of risks
Manage any in scope solution projects (integration/ implementations)
Manage communications with vendors, 3rd party service providers, Deloitte leadership, and client personnel when required
Analyze complex issues to determine client impact and to suggest alternative solutions based on client needs and objectives
Adhere to internal operational security and other Deloitte policies
Contribute to team and organizational improvements in process and infrastructure
The Team:
Cyber Defense & Resilience teams assist clients in defending against advanced threats by transforming security operations, and by monitoring technology, data analytics, and threat intelligence. They help manage and protect dynamic attack surfaces and provide rapid crisis and cyber incident response, thereby ensuring that clients can be ready for, respond to, and recover from business disruptions. Examples of work include Operational Resilience, Crisis & Incident Response, and Security Operations Center Transformation. As part of Deloitte’s Cyber Defense & Resilience portfolio, our SecOps teams partner with clients to strengthen security operations and cyber resilience. We deliver end-to-end services—from strategic assessments and innovation workshops to implementing next-generation SIEM solutions—enabling proactive risk identification and mitigation across digital environments. Leveraging advanced analytics, AI-driven detection, and optimized data management, we provide continuous monitoring and rapid response to emerging threats. This integrated approach empowers organizations to build robust, future-ready security postures and confidently navigate an evolving cyber threat landscape.
Qualifications
Must Have Skills/Project Experience/Certifications:
Understanding of the Agile software development life cycle: Analysis, Design, Coding, Testing and promotion into Production.
5-7 years' work experience as a Functional Programming Language Developer (“Python or JavaScript Preferred”)
Understanding how modern software architectures works (client-server, Web technology, micro-services) Understanding of SOAR technologies (Security Orchestration and Automation Response) and should have hands-on experience in building playbooks and automations
Understanding of common network infrastructure devices such as routers and switches
Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
Basic knowledge of cloud infrastructure and operations, system security architecture, and security solutions
Strong programming experience solving technical challenges
Database technologies proficiency: SQL, NoSQL, or PostgreSQL
Understand multi-process architecture
Professional experience with Code Repositories and Version Control “GitHub Preferred”
Good to Have Skills/Project Experience/Certifications:
5+ years working in security information and/or technology engineering support experience
Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH) or equivalent
Experience with security operations technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, Advanced Persistent Threats (APT)
Strong understanding of threat analysis and enterprise level mitigation strategies and frameworks like
“MITRE”
Working knowledge of cyber threats, defenses, motivations, and techniques
Excellent interpersonal and organizational skills
Excellent oral and written communication skills
Strong analytical and problem-solving skills
Self-motivated to improve knowledge and skills
An ardent desire to understand the root cause of security incidents along with identification of threat vectors
Knowledge of web application frameworks: Flask, Django etc. for dashboard/ widget development
Education:
Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Engineering, or a related field
