Deloitte · 8 hours ago
Lead Cyber Engineer
Deloitte Technology US is a leader in providing innovative technology solutions, and they are seeking a Lead Cyber Engineer to support their Security Operations Center (SOC). This role involves identifying and addressing security concerns, supporting application patching, and developing process documentation while collaborating with various cybersecurity teams.
Accounting, Consulting, Financial Services, Legal, Professional Services, Risk Management
Responsibilities
Maintain ticket management and DevOps activity tracking to ensure accurate work intake, prioritization, and status reporting
Monitor and communicate Microsoft product updates; assess and advise on impacts on the environment and customers
Build strong stakeholder relationships and provide timely end-user support with clear follow-through and resolution documentation
Create and maintain process documentation (runbooks, SOPs, workflows) to support consistent execution and knowledge transfer
Maintain and enforce change control and peer review processes to promote quality, security, and auditability
Align detection rules to current and emerging threats, leveraging external threat intelligence as appropriate
Identify and remediate detection gaps using the MITRE ATT&CK framework, based on business risk and priorities
Collaborate with Cybersecurity teams (e.g., Incident Response, Threat Intelligence, Engineering) to ensure cross-team alignment and coverage
Develop, tune, and support analytics/detection rules, including performance monitoring and optimization
Develop, maintain, and optimize playbooks/notebooks, including operational reliability and performance
Develop, maintain, and optimize Logic Apps, including operational reliability and performance
Develop, maintain, and optimize workbooks and dashboards to support detection engineering and SOC visibility
Support reporting needs tied to threat detection outcomes, metrics, and operational insights
Define and document required fields per data source to enable effective detection and investigation
Identify and remediate high-cost/expensive detections to improve signal-to-noise ratio and manage platform consumption
Design, build, and support automation solutions that improve efficiency, consistency, and time-to-response across security operations
Maintain strong SOC partnerships and provide support for SOC inquiries related to the Azure and Microsoft Defender portals, including troubleshooting and operational guidance
Qualifications
Required
Bachelor's degree or equivalent in Computer Science, Computer Engineering, or Business Administration
Minimum 8 years of various technology experience or 6 years with an advanced degree
Minimum 3 years' cyber security experience within SIEM Administration
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Ability to travel up to 10%, on average, based on the work you do and the clients and industries/sectors you serve
Preferred
MS Sentinel SC-200 badge
Cloud Fundamental Certificates
Ability to communicate network security issues to peers and lower management
Hands-on experience with Linux, working knowledge of cloud environments (Azure, O365), and SOC processes
An understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, and possible abnormal activities such as worms, Trojans, viruses, etc.
Company
Deloitte
Deloitte is a business consulting company that offers audit, consulting, financial advisory, and tax services.
Funding stage: Late Stage
Company data provided by crunchbase