Senior SOC Analyst (L3)
Type: full-time
Location: Brisbane, Sydney, Adelaide, Melbourne

About this role

Job Requisition ID: 39987 

  • We support flexibility and choice including flexible work arrangements and part-time options. 
  • Learn from the best in the business 
  • Recognition culture to celebrate milestones and discounts at hundreds of retailers

 

What will your typical day look like?

Reporting to the Security Operations Centre (SOC) Team Lead, the L3 Security Analyst fills a leadership role in the Deloitte 24x7 SOC. Our mandate is to provide fully managed detection and response capability to a suite of international clients. The role will be part of the L3 escalation roster, providing first-class incident response capability to identified threats and alerts using the latest tools, processes, and techniques.

This senior role fills two critical functions in the SOC:

  1. Incident Response – Acting as an escalation point for L1 and L2 SOC Analysts and a technical point of contact for our clients during incident responses, both within and outside business hours. Using defensive measures and telemetry collected from a variety of sources to provide guidance to junior SOC members to identify, analyse, and report events that occur or might occur within client networks in order to protect information, information systems, and networks from threats.
  2. Lead a Capability area – Work with a dedicated subset of analysts to shape process and improve delivery outcomes for a select group of high-profile clients. Enjoy flexibility to drive the agenda and move the needle on day-to-day operations.

General tasks include:

  • Act as an escalation point to ensure timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. 
  • Analysis of security events from multiple sources, including but not limited to events from the Security Information and Event Management tool, network intrusion systems, and host-based intrusion prevention tools (EDR, AV, HIPS, cloud app security).
  • Analyse identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. 
  • Determine tactics, techniques, and procedures (TTPs) for intrusion sets. 
  • Document incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the client or Deloitte's environment. 
  • Collaborate with other L3s to ensure Threat Hunting, Threat Intel, Detections, Tuning and other L3 tasks are completed as required.
  • Creation and tuning of detections in response to new or observed threats within customer environments.

About the team

Be part of the SOC leadership team, help make decisions that define our strategy, drive change and provide better services for our clients. Help us do something that really matters – keep Australian people and Australian companies safe – while enjoying work and the fast-paced environment that rewards you for your efforts, encourages your ideas and recognises that work-life balance is important.

 

Enough about us, let’s talk about you.

You may have all or some of the following skills / experiences:

  • Must be an Australian citizen and must be able to attain and maintain an Australian Federal Government security clearance at the NV1 level or higher.
  • Knowledge of adversary tactics and techniques (MITRE ATT&CK frameworks).
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of basic cyber operations activity concepts (e.g., footprinting, scanning and enumeration, penetration testing, allow/deny listing).
  • Knowledge of common forensics tool configuration and support applications (e.g., Volatility, Registry Recon, Wireshark).
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). 
  • Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). 
  • Knowledge of virtual machine aware malware, debugger aware malware, and packing. 
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. 
  • Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. 

 

Why Deloitte?  

 

At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.  

 

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion, so that our work environment is a safe space where we can all belong.

  

We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team and personal commitments.

 

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package. 

 

Next Steps

Sound like the sort of role for you? Apply now, we’d love to hear from you!

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.

Other facts

Tech stack
Incident Response, Threat Hunting, Threat Intelligence, Security Information and Event Management, Network Intrusion Systems, Host-Based Intrusion Prevention, Malicious Activity Analysis, Cyber Operations, Forensics Tools, Exploitation Techniques, Network Attacks, Authentication Methods, Access Control, MITRE ATT&CK Framework, Vulnerability Analysis, Telemetry Analysis

About Deloitte Services Pty Ltd

Deloitte drives progress. Our firms around the world help clients become leaders wherever they choose to compete. Deloitte invests in outstanding people of diverse talents and backgrounds and empowers them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities. DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.

The content on this page contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively the “Deloitte Network”) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on content from this page.

Team size: 10,001+ employees
Industry: Business Consulting and Services
Founding Year: 1845

What you'll do

  • The Senior SOC Analyst will act as an escalation point for L1 and L2 SOC Analysts and provide incident response capabilities to clients. They will also lead a capability area to improve delivery outcomes for high-profile clients.

Frequently Asked Questions

What does a Senior SOC Analyst (L3) do at Deloitte Services Pty Ltd?

As a Senior SOC Analyst (L3) at Deloitte Services Pty Ltd, you will act as an escalation point for L1 and L2 SOC Analysts and provide incident response capabilities to clients. You will also lead a capability area to improve delivery outcomes for high-profile clients.

Why join Deloitte Services Pty Ltd as a Senior SOC Analyst (L3)?

Deloitte Services Pty Ltd is a leading Business Consulting and Services company.

Is the Senior SOC Analyst (L3) position at Deloitte Services Pty Ltd remote?

The Senior SOC Analyst (L3) position at Deloitte Services Pty Ltd is based in Brisbane, Queensland, Australia and Sydney, New South Wales, Australia. Contact the company through Clera for specific work arrangement details.

How do I apply for the Senior SOC Analyst (L3) position at Deloitte Services Pty Ltd?

You can apply for the Senior SOC Analyst (L3) position at Deloitte Services Pty Ltd directly through Clera. Click the "Apply Now" button above to start your application. Clera's AI-powered platform will help match your profile with this opportunity and guide you through the application process. You can also learn more about Deloitte Services Pty Ltd on their website.