T&T | Cyber : D&R | SIEM,QRADAR Admin | Deputy Manager | Gurgaon

• 
  

  Location:  Bangalore, Hyderabad, Mumbai

  
  

The team 

Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Learn more about   Cybersecurity 

Your work profile 

• 
  

  As Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. 

  
  

• 
  

  Manage, maintain, and enhance our Google Chronicle SIEM and SOAR platforms, ensuring effective monitoring, detection, and response to security incidents.  

  
  

• 
  

  The candidate will have strong experience in Google Chronicle administration, detection engineering, and SOC operations to provide continuous security improvements, automation, and technical support to the SOC team. 

  
  

Key skills required: 

• 
  

  5+ years of experience in Security Operations, with 2+ years hands-on in Google Chronicle or Google SecOps platform. 

  
  

• 
  

  Chronicle Administration: Deploy, configure, and manage Google Chronicle SIEM components, including data ingestion pipelines, UDM parsers, detection rules, and retention configurations. 

  
  

• 
  

  Log Source Management: Integrate diverse log sources from cloud platforms (GCP, AWS, Azure), network devices, applications, and security tools (firewalls, EDR, DLP, etc.) ensuring proper ingestion and normalization. 

  
  

• 
  

  Detection Engineering: Develop, fine-tune, and optimize YARA-L rules and detection logic to identify malicious behaviors, mapping each to MITRE ATT&CK techniques. 

  
  

• 
  

  SOAR Automation: Design, implement, and maintain automated playbooks in Google SOAR (Siemplify) to streamline incident enrichment and response workflows. 

  
  

• 
  

  Threat Detection & Response: Collaborate with SOC analysts to investigate alerts generated by Chronicle, perform event correlation, and support incident triage and root cause analysis. 

  
  

• 
  

  Integration & Customization: Utilize REST APIs, BigQuery, and scripting to enhance Chronicle capabilities and integrate with complementary tools (ServiceNow, VirusTotal, CrowdStrike, Proofpoint, Zscaler, etc.). 

  
  

• 
  

  Performance Optimization: Monitor ingestion volumes, storage utilization, and system health to ensure optimal performance of Chronicle tenants in high-EPS environments. 

  
  

• 
  

  Dashboard & Reporting: Create analytical dashboards and management reports for visibility into detections, coverage, and SOC KPIs. 

  
  

• 
  

  Compliance & Governance: Ensure Chronicle operations and data retention align with enterprise and regulatory frameworks (ISO 27001, NIST CSF, RBI, GDPR, etc.). 

  
  

• 
  

  Troubleshooting & Maintenance: Diagnose and resolve Chronicle-related issues including ingestion delays, parser mismatches, and detection errors. 

  
  

• 
  

  Upgrades & Enhancements: Coordinate platform enhancements, API updates, and version rollouts in line with Google best practices and release cycles. 

  
  

• 
  

  Education: Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.