Deloitte Cyber understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful insights to help our clients navigate the ever-changing threat landscape and technology transformation as we partner with clients to strengthen their security posture.
As a Consultant, you will support the design, development, and optimization of security orchestration, automation, and response (SOAR) solutions across client environments. You will work with security operations teams to automate workflows, improve incident response processes, and enhance operational efficiency through platform integrations and playbook development. This role offers the opportunity to contribute to AI-enabled security automation capabilities that help organizations scale and mature their cyber operations.
Work you'll do
As a Consultant on the Cyber Operate team, you will be responsible for:
- Designing, developing, and maintaining SOAR playbooks for alert triage, investigation, enrichment, and response activities
- Integrating SOAR platforms with security and enterprise tools, including security information and event management (SIEM), endpoint detection and response (EDR), threat intelligence, ticketing, email, identity and access management (IAM), firewall, and cloud security platforms
- Collaborating with security operations center analysts, incident responders, and engineering teams to identify automation opportunities and improve response workflows
- Troubleshooting and enhancing playbooks, connectors, integrations, dashboards, reports, and operational metrics to improve reliability, performance, and automation outcomes
- Supporting AI-enabled SOAR use cases, including AI-assisted playbook development, alert triage, incident summarization, and decision support within governed workflows
The team
Cyber Operate teams manage clients' critical cyber assets either as a fully managed service or in partnership with clients. They deliver skilled talent, cutting-edge technologies, and robust processes to operate client cyber capabilities. This includes managing the identity lifecycle, security operations, threat intelligence, application security, business transformation, and ensuring continuous compliance. Services include Cyber-as-a-Service, Managed Application Security, and Managed Extended Detect & Respond (MXDR).
Location: Bengaluru/Hyderabad/Pune/Chennai/Gurugram/Kolkata
Shift Timings: 2:00 PM to 11:00 PM IST
Qualifications
Required:
- 4+ years of experience in cybersecurity
- Experience with SOAR platforms such as Cortex XSOAR, Splunk SOAR, Swimlane, IBM Resilient, or Tines
- Experience with security operations center processes, security information and event management (SIEM) workflows, incident response, and case management
- Experience integrating application programming interfaces (APIs), webhooks, and third-party security tools into automation workflows
- Experience with scripting or automation languages such as Python, PowerShell, Bash, or JSON-based workflow logic
- Knowledge of one or more security domains, including endpoint, email, identity, network, cloud, or threat intelligence
- Bachelor's degree in Computer Science, Cyber Security, Information Security, Engineering, or Information Technology
Preferred:
- Experience with cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) and their security services
- Familiarity with MITRE ATT&CK, threat detection engineering, and response orchestration practices
- Experience with ticketing or information technology service management (ITSM) tools such as ServiceNow or Jira
- Security, automation, or vendor platform certifications
- Experience with AI-enabled SOAR capabilities, including AI-assisted playbook generation, natural language automation building, or machine learning-based alert triage
- Familiarity with large language model (LLM) concepts for security automation, including prompt engineering, incident summarization, and human-in-the-loop workflows