- Perform EDR configuration management and troubleshooting, addressing complex issues and day-to-day operations management
- Onboard security log data sources and develop new and custom parsers
- Perform EDR platform architecture assessments and design reviews
- Deliver SIEM advisory support and education to other SOC and technology management personnel
- Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs)
- Keep abreast of latest IT security, regulatory and compliance trends to support various risk and data models
- Install and remove various EDR platforms
- Coordinate with Content Engineers to support advanced Use Case development (Use Case from Roadmap as well as hunting related Use Cases)
- Craft utilities to swiftly deploy Deloitte's EDR solution to a client network when no other EDR is present, or to remove and replace a different EDR that already exists
- Review system security plans, network diagrams, and vulnerability and patching requirements
- Develop scripts to simplify data collection and automate data onboarding tasks
- Provide 24/7 on-call support (as needed)
- Mentor and train Deployment Specialists
- Coordinate with various technical groups and attend in-person client meetings
- Build relationships with client counterpart (i.e. Client Lead Security Manager)
- Adhere to internal operational security and other Deloitte policies
- Participate in short term project work as assigned
- Bachelor of Engineering or Science in computers, information systems, information security, math, decision sciences, risk management, or other business/technology disciplines, or equivalent work experience
- 6+ years' experience in security information and/or technology engineering support.
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
- Knowledge of multiple EDR platform vendors such as CrowdStrike Falcon platform, SentinelOne, and Symantec Endpoint
- Extensive experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), anti-virus, sandboxing, network- and host-based firewalls, threat intelligence, penetration testing, etc.
- Knowledge of Advanced Persistent Threat (APT) tactics, techniques, and procedures
- Ability to script in multiple languages (Python, PowerShell) to work with the APIs of multiple EDR vendors
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Detailed knowledge in system security architecture and security solutions
- Strong communication, interpersonal, analytical and problem-solving skills
- Travel up to 50% (while 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
- Limited immigration sponsorship may be available.
- Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Strong analytical and problem-solving skills
- Self-motivated to improve knowledge and skills
- A strong desire to understand the what as well as the why and the how of security incidents
- Knowledge on Crow