Security Engineer III, SIEM Engineer (Secret Clearance)
Deloitte · Baltimore, MD · 5 days ago
HybridEngineering$103k–$189k/yrFull-time
Job Summary
The Deloitte Cyber team supports businesses in navigating the evolving threat landscape through powerful solutions and managed services. We seek a SIEM Engineer to support security monitoring, detection engineering, and incident analysis across complex enterprise environments.
Responsibilities
- Configure, maintain, and optimize SIEM content including correlation rules, alerts, dashboards, and reports
- Analyze security events and log data to identify suspicious activity, support investigations, and improve detection coverage
- Integrate and normalize log sources from endpoint, network, cloud, identity, and security platforms
- Partner with cybersecurity teams to support use case development, threat detection, incident triage, and response activities
- Document detection logic, operational procedures, and monitoring requirements to support consistent service delivery
Qualifications
- Bachelor's degree in computer science, Cybersecurity, Information Technology, Engineering, or a related technical field
- Active Secret Clearance
- 3+ years of experience in cybersecurity, security operations, or SIEM engineering
- 3+ years of experience with at least one of the following: Splunk, Palo Alto XSIAM, or CrowdStrike NG SIEM
- 2+ years' experience in creating, tuning, and maintaining correlation searches, alerts, dashboards, and reports in a Security Information and Event Management platform
- 2+ years' experience reviewing and analyzing logs from endpoint, network, cloud, identity, and application sources
- 2+ years' experience supporting enterprise monitoring in a Security Operations Center
- 2+ years' experience onboarding and normalizing log sources in a Security Information and Event Management platform
- 2+ years' experience mapping detections to MITRE ATT&CK techniques
- 2+ years' experience with cloud security monitoring in Amazon Web Services, Microsoft Azure, or Google Cloud Platform
- Hands-on experience with scripting or query languages used for detection and log analysis
- Security certification such as Splunk certification, Palo Alto Networks certification, or CrowdStrike certification is required
Preferred Qualifications
- 2+ years' experience supporting enterprise monitoring in a Security Operations Center
- 2+ years' experience onboarding and normalizing log sources in a Security Information and Event Management platform
- 2+ years' experience mapping detections to MITRE ATT&CK techniques
- 2+ years' experience with cloud security monitoring in Amazon Web Services, Microsoft Azure, or Google Cloud Platform
- Hands-on experience with scripting or query languages used for detection and log analysis