Jobiglo

Senior SOC Engineer

Deloitte · Porto

Senior 🇬🇧 English
SIEM KQL SPL AQL EQL Sigma Syslog API Event Hubs Logstash agents EDR XDR SOAR ServiceNow Jira STIX/TAXII MISP Anomali AWS Azure GCP Linux Windows ISO 27001 SOC 2 NIST MITRE ATT&CK

Job description

About the role

Deloitte’s Cybersecurity Tech Hub is looking for a Senior SOC Engineer to design, implement and maintain the technologies that power our Security Operations Center. You will work across cloud and on‑prem environments, ensuring the SOC can detect, analyse and respond to threats efficiently.

Key responsibilities

  • Architect, deploy and maintain SIEM platforms; build data ingestion pipelines (Syslog, API, Event Hubs, Logstash, agents).
  • Create and tune detection rules using KQL, SPL, AQL, EQL, Sigma and analytics queries.
  • Administer and optimise EDR/XDR solutions, develop custom policies and monitor sensor health.
  • Design SOAR playbooks, automate enrichment, triage and containment, and integrate with ServiceNow, Jira and firewalls.
  • Integrate threat‑intelligence feeds (STIX/TAXII, MISP, Anomali) and collaborate with threat hunters, SOC analysts and DFIR teams.
  • Maintain documentation, architecture diagrams and ensure compliance with ISO 27001, SOC 2 and NIST standards.
  • Troubleshoot log ingestion, detection failures and platform performance; support purple‑team exercises and on‑call rotations.

Required profile

  • Advanced knowledge of network protocols and system architectures (Linux, Windows).
  • Strong experience with cloud platforms (AWS, Azure, GCP).
  • Deep understanding of log sources, normalization, parsing and enrichment.
  • Proven expertise with SIEM, EDR/XDR and SOAR technologies.

Required skills

  • SIEM platforms and query languages (KQL, SPL, AQL, EQL, Sigma).
  • Log ingestion tools (Syslog, API, Event Hubs, Logstash, agents).
  • EDR/XDR solutions.
  • SOAR platforms and automation playbooks.
  • ITSM tools (ServiceNow, Jira).
  • Threat‑intelligence standards (STIX/TAXII, MISP, Anomali).
  • Cloud services (AWS, Azure, GCP).
  • Operating systems (Linux, Windows).
  • Compliance frameworks (ISO 27001, SOC 2, NIST, MITRE ATT&CK).

Frequently asked questions

The salary is not publicly disclosed by the recruiter. You can apply and negotiate directly with Deloitte.
Published 1 day ago

Expires in 1 month
