Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are insatiably curious and life-long learners focused on technology and innovation.
Work you'll do
The Cybersecurity Engineer position supports the Fusion Center as an escalation point identifying and addressing potential Splunk content/level I and II engineering security concerns as this role serves as a point of escalation. This role is also responsible for supporting Security application(s) patching, content creation as requested from all stakeholders, and development of process documentation:
- Provide proficient knowledge of recognizing and onboarding new data sources into Splunk, analyzing the data for parsing purposes to make it CIM level 1 through 4 compliant, then building dashboards to fulfill stakeholder requirements.
- Provide skillful knowledge within a Linux environment, editing and maintaining Splunk configuration files and apps.
- Work with other Cybersecurity Engineering team members and will be required to interact with end users to gather requirements, perform troubleshooting, and aid with the creation of Splunk search queries and dashboards as required.
- Will be required interact with senior management, as necessary.
- Troubleshoot performance alerts from the Splunk infrastructure or Splunk agents
- Assist in the testing of vendor patches for all security applications the Engineering team operational support.
- Maintain the Cybersecurity Engineering group in ServiceNow and ensure all request and incident SLA's as met as required by our stakeholders.
- Document and update the Engineering Team's process and Data Ingestion procedures.
- Actively seek to improve and develop new content based upon observed security activity
- Provide excellent customer service, as we will be required to interact/work with other teams to complete our daily tasks.
Information Technology Services (ITS) helps power Deloitte's success. ITS is the engine that drives Deloitte, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,200 professionals in ITS deliver services including:
- Security, risk & compliance
- Technology support
- Relationship management
The Cyber Security team vigilantly protects Deloitte and client data. The team is responsible for a strategic cyber risk program which adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team protects the Deloitte brand.
- Bachelor's degree in Computer Science or Business Administration, or relevant educational or professional experience.
- 5 years of related experience including 2+ years Level 2 Engineering
- Splunk Admin certification
- Experience with Splunk Enterprise Security
- Experience with Splunk integration to AWS, Azure, and GCP
- Technical understanding of the following technologies: Splunk, IDS/IPS, network- and host- based firewalls, anti-virus software, data leakage protection (DLP), and IR Tracking tools such as Archer, Service Now.
- Hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows workstation, routers /switches management, firewall Management, SANS/NAS, Web servers, IAM/AAA, IDS/HDS, system vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or secure coding
- Sound judgment skills and ability to manage escalations.
- Determines methods and procedures on new assignments with minimal instruction
- Excellent interpersonal and organizational skills
- CISSP, CISA, CISM or like certification
- Azure, AWS, GCP security certifications
- Cylance Security Professional certification
- Experience with Splunk UBA and Data Models
- Experience with writing correlated searches
- Understanding of all Splunk backend components
- Operational experience with Security application(s) such as: Tanium, Cylance, Cisco Umbrella, RedLock, FireEye EX, Gigamon
- Knowledge in scripting. Python and PowerShell
- Knowledge of risk assessment tools, technologies and methods