Tier 3 Shift Manager

Cyber Security Cyber Risk Posted: 18-Feb-2022

Same job available in 4 locations

Alexandria, Virginia, United States

Arlington, Virginia, United States

Mclean, Virginia, United States

Rosslyn, Virginia, United States

Position summary:

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture? 

Want to make an impact that matters? Consider Deloitte Global.

Work you'll do

The Tier 3/Threat Hunting Shift Manager reports to the Event Monitoring (EM) Service Delivery Manager. The role focuses on managing, mentoring, and maturing the regional Tier 3/Threat Hunting team. Tier 3 enables successful GFC operations by supporting SOC operations as an advanced escalation point identifying and addressing potential information security incidents. As the Shift Manager you will be responsible to lead the threat hunting program in coordination with the other regional Tier 3 Shift Managers. In addition, you will prepare, manage, and support various degrees if cyber incident response by partnering with the GFC’s cyber incident response team and other teams. The Tier 3/Threat Hunting Shift Manager also serves as the mentor for multiple Threat Hunting, Event Monitoring, and Cyber Incident Response technologies. This is an operations manager role which will require flexibility, creativity, adaptiveness and the need to adjust working hours with little to no notice to enable the team’s ability to achieve successful operational outcomes.

Security Monitoring and Response 
  • Serve as the regional lead and point of escalation for Tier 1 and Tier 2 SOC analysts.
  • Lead, conduct and coordinate on daily global threat hunting activities and research relevant threat actors, attack vectors, and behaviors pertinent to our industries.
  • Lead, conduct, support and coordinate investigation, threat hunt, incident response, and other SOC activities with peers operating in other regional SOCs, and other Deloitte firms.
  • Team with the Global Fusion Center’s Global Cyber Incident Response (GCIR), Threat Intelligence, and Global Cyber Wargames teams. 
  • Team and coordinate with other Deloitte cybersecurity teams, IT teams and other Deloitte firms.
  • Continuous maintain and update threat hunt tactics and techniques, which can be shared with the security engineering teams, Global Incident Respond Teams, and Threat Intel teams.
  • Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the SOC team
  • Provide oversight and guidance to junior analysts
  • Fulfill AMER EM Senior Deliver Manager (SDM) responsibilities in the absence of the SDM
  • Perform advanced event and incident analysis, including baseline establishment and trend analysis.
  • Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity.
  • Responsible for identifying training needs for the junior analysts * Ensures that all identified events are promptly validated and thoroughly investigated
  • When necessary, and with the SOC Managers approval, devise and document new procedures
  • Identify opportunities for SOC system tuning.

What you'll be part of - our Deloitte Global Culture:

At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network.

In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark.

Who you'll work with:

The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte’s global network of firms around the globe.



  • Minimum of 5 years of combined experience in the Information Security / Cybersecurity domain with a focus on conducting Threat Hunting and/or experience conducting Cyber Incident Response
  • Experience managing and/or leading successful teams in an operational environment
  • Experience with the following technologies: leading SIEM technologies, EDR solutions, knowledge of IDS/IPS, antivirus solutions, network/host based firewalls, data leakage protection (DLP), web proxies, DNS, Windows and *Nix system administration, Netflow data, cloud computing, and virtualizations.
  • Possess extensive knowledge on network, endpoint, threat intelligence, as well as the functioning of specific applications or underlying IT infrastructure, and have experience with SIEM technologies, EDR solutions. * Strong background in security incident response, system operations and threat intelligence
  • Understanding of possible attack activities such as network reconnaissance probing/ scanning, DDOS, malicious code activity, etc.
  • Knowledge digital forensics (network and endpoints) processes, and knowledge on the usage of malware analysis and forensic tools, and memory forensics analysis.
  • Ability to hunt based on APT Tactics, Techniques, and Procedures (TTPs) in the enterprise network and in the host systems as required.
  • Ability to analyze malware, extract indicators, and create signatures in Yara, and develop detection rules based on the adversary's Tactics, Tactics, and Techniques (TTPs)

  • At least 2 years holding a management and leadership role
  • Demonstrate leadership skills and ability to manage teams and shifts of analysts effectively
  • Understanding of common network elements devices such as routers, switches.
  • Understanding of networking protocols such as IP, DNS, HTTP, FTP, SMTP etc. well-known ports, network assets, web traffic, protocols, basic requests such as HTTP/S, and the OSI model.
  • Foundation skills in Windows PowerShell and WMI
  • Willingness to flex working hours to critical high priority operational incidents.

How you'll grow:

Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible.

Benefits you'll receive:

Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do—that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters.

Corporate citizenship:

Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.