CybersecurityJobs.io
← Back to all jobs

Job Description

Deloitte's Cyber Defense and Resilience team is seeking a Security Engineer III, SIEM Engineer to join a security operations program that emphasizes robust detection, rapid incident analysis, and content-focused improvements across large-scale environments. This role is based in Arlington, Virginia with optional remote work and requires an active Secret Clearance. The position offers a competitive salary range and the opportunity to work with leading SIEM technologies in a federal-enabled environment.

The following details outline the core responsibilities, requirements, technology stack, and benefits associated with the role.

Responsibilities

  • Configure, maintain, and optimize SIEM content, including correlation rules, alerts, dashboards, and reports
  • Analyze security events and log data to identify suspicious activity, support investigations, and improve detection coverage
  • Integrate and normalize log sources from endpoint, network, cloud, identity, and security platforms
  • Partner with cybersecurity teams to support use case development, threat detection, incident triage, and response activities
  • Document detection logic, operational procedures, and monitoring requirements to support consistent service delivery

Requirements

  • Bachelor's degree in computer science, Cybersecurity, Information Technology, Engineering, or related technical field
  • Active Secret Clearance
  • 3+ years of experience in cybersecurity, security operations, or SIEM engineering
  • 3+ years of experience with at least one of the following: Splunk, Palo Alto XSIAM, or Crowdstrike NG SIEM
  • Experience creating, tuning, and maintaining correlation searches, alerts, dashboards, and reports in a SIEM platform
  • Experience reviewing and analyzing logs from endpoint, network, cloud, identity, and application sources
  • Security certification such as Splunk certification, Palo Alto Networks certification, or CrowdStrike certification is required
  • Ability to travel up to 20% on average based on client needs
  • Willingness to work at client onsite or Deloitte office up to 5 days a week
  • Legally authorized to work in the United States without the need for employer sponsorship now or in the future

Technologies

  • Splunk
  • Palo Alto XSIAM
  • Crowdstrike NG SIEM
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform

Benefits

  • Discretionary annual incentive program

Preferred

  • Experience supporting enterprise monitoring in a Security Operations Center
  • Experience onboarding and normalizing log sources in a SIEM platform
  • Experience mapping detections to MITRE ATT&CK techniques
  • Experience with cloud security monitoring in AWS, Azure, or Google Cloud Platform
  • Hands-on scripting or query language skills for detection and log analysis
  • Security certifications such as CompTIA Security+ or GIAC

Similar Jobs