Cyber Defense & Manager Microsoft Sentinel, EDR, XDR

Job description

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity.

Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape.

Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.
Recruiting for this role ends on 12/31/2025.
Work you'll do
As a Manager, you will be at the front lines with our clients supporting them with their Cyber Defense and Resilience needs specifically helping them address Cloud Security concerns and navigate the journey to the Cloud on the Microsoft Sentinel Platform.

This will include:

+ Experience in leading the architecting, designing, and implementing the deployment of Cloud Services (Azure, AWS, GCP), Microsoft Sentinel, EDR, and XDR solutions to enhance clients' security posture.

+ Experience in forming KQL queries and functions for complex detection and monitoring requirements.

+ Expertise in building custom analytical rules, tuning of analytical rules, building automation through Azure logic apps, management of entire product feature, end to end configuration.

+ Ability to create clear and concise reports on security data and threats, including data visualization techniques.

+ Must have strong knowledge in MITRE attack framework and expertise in developing analytical rules and custom dashboards/workbooks across framework.

+ Assisting clients with migrating from existing SIEM solution (other platforms) to Microsoft Sentinel.

+ Expertise in log management, retentions, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements.

+ Must have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and maintenance of local agents.

+ Expertise in integrating data sources which are not supported by Sentinel tool OOB.

Custom parser development and ability to solve technical issues in Sentinel must have requirements.

Experience with third-party data brokering service is a plus.

+ Experience with threat intelligence integration and UEBA (User and Entity Behavior Analytics) .

+ Experience with scripting and automation tools (e.g., PowerShell, Python, Terraform) for security operations


+ Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures.

+ Manage the development, implementation, and refined automation playbooks in Microsoft Sentinel.

+ Devise and document new procedures and runbooks/playbooks as directed.

+ Create cyber and threat hunting queries to enable the Intelligence team to conduct advanced investigations when required.

+ Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.


+ Experience in connecting native and third-party custom/SaaS applications with SIEM.


+ Understanding of basic networking protocols such as TCP/IP, DNS, HTTP

+ Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.

+ Knowledge of Advanced Persistent Threats (APT) tactics, technics and procedures.

+ Acting as a subject matter expert on cyber risk for the Microsoft Sentinel, EDR & XDR platforms.


+ Preference will be given for candidates completed Sentinel Ninja Level 400 Training and Certification.

+ Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc.

+ Having knowledge and hands-on experience in Microsoft Defender XDR stack will be an added advantage.

+ Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required.

+ Experienced in working with stakeholders to solve technical issues and to support and deliver complex business, security and operational requirements.

+ Ability to work with vendor technical support group and driving issues towards effective and permanent closure.

+ Executing on Cloud security engagements across the lifecycle - strategy, design, implementation, and operations.

+ Responsible for supervising the work of team members and supporting delivery teams and staff

+ Provide product best fit analysis to ensure end-to-end security covering different aspects of secure architecture e.g., layered security, zoning, API security, endpoint security, data security, logging

The team
Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity.

Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape.

Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.
Required:

+ 6+ years of experience in managing the technical consulting, client problem solving, architecting, and designing solutions around Microsoft Sentinel, EDR & XDR platforms

+ 6+ years of hands-on technical experience enterprise-with Microsoft Security management services (Microsoft Sentinel, Defender for Endpoint, Defender XDR, Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), , Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network and host-based firewalls, Threat Intelligence, Vulnerability Assessment, etc.)

+ 6+ years of hands-on technical experience implementing Microsoft Sentinel, EDR, XDR focused security solutions for Microsoft technologies

+ Limited immigration sponsorship may be available

+ Must be willing to travel 50%

Preferred:

+ BA/BS Degree preferred.

Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.

+ Certifications such as: Microsoft new roles-based certifications (eg.

SC 200), CCSP, CCSK, CISSP, CCNP, CCNA certification a plus

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.

At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.

A reasonable estimate of the current range is $130,800 - $241,000
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Required Skill Profession

Other General