Job Description
Manager - AI SOC
As a Manager - Cyber Defense and Resilience, you will play a hands-on role in delivering security engineering solutions across client environments, with a focus on modernizing security operations through security information and event management, security orchestration automation and response, detection engineering, telemetry, automation, and artificial intelligence-enabled workflows. In this embedded, client-facing role, you will work directly with client stakeholders to understand operational pain points, design practical solutions, and deploy capabilities in live or near-live environments. You will help translate ambiguous requirements into production-ready workflows, integrations, detections, and automation outcomes.
Recruiting for this role ends on 06/30/2026.
Work you'll do
As a Manager - Cyber Defense and Resilience on the Cyber Defense & Resilience team, you will be responsible for:
Leading the design and implementation of secure, scalable security operations solutions across security information and event management, security orchestration automation and response, telemetry, case management, and response platforms
Serving as an embedded engineering lead with client teams to translate operational workflows and requirements into production-ready security capabilities
Overseeing the deployment of log ingestion, normalization, enrichment, routing, detection, and orchestration workflows using application programming interfaces, connectors, and data pipelines
Guiding the application of automation and artificial intelligence to security operations use cases such as triage assistance, workflow orchestration, alert summarization, and response recommendations
Mentoring junior practitioners and contributing reusable engineering assets, accelerators, and implementation patterns that support client delivery and practice growth
A successful candidate would possess these skills:
Ability to work independently and collaborate as part of a team
Effective written and verbal communication skills
Meticulous attention to detail and quality of work product
Ability to build and sustain professional relationships
Ability to lead projects or workstreams
Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
Strong interpersonal skills and professional demeanor
Ability to meet deadlines
Ability to mentor and provide clear guidance to others
The team
Deloitte's Cyber Defense & Resilience team helps clients defend against advanced threats by improving security operations, detection engineering, monitoring, automation, analytics, and threat intelligence capabilities. The team works with organizations to strengthen operational resilience, manage evolving attack surfaces, and improve readiness, response, and recovery through scalable engineering and transformation solutions.
Qualifications
Required:
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent work experience
10+ years of experience in security operations, detection engineering, security engineering, or enterprise cyber defense
Hands-on experience designing, implementing, and optimizing security information and event management, security orchestration automation and response, detection, telemetry, and response workflows across one or more enterprise security platforms
Experience building and maintaining integrations, automations, and engineering workflows using Python or a similar scripting language
Experience working directly with clients or internal stakeholders to translate operational requirements into technical solutions
Ability to travel 50%, on average, based on the work you do and the clients and industries/sectors you serve.
Limited immigration sponsorship may be available.
Preferred:
Experience across multiple security platforms such as security information and event management, security orchestration automation and response, extended detection and response, attack surface management, threat intelligence platforms, endpoint detection and response, and case management tools
Experience with Amazon Web Services, Microsoft Azure, or Google Cloud, including security telemetry and cloud-native security services
Experience with threat hunting, cyber threat intelligence, or purple team collaboration
Experience applying artificial intelligence, machine learning, or large language model workflows to security operations, including orchestration, retrieval, evaluation, or human-in-the-loop response patterns
Experience with frameworks or tools that support artificial intelligence-enabled engineering workflows
Relevant industry certifications such as Security+, Global Information Assurance Certification Security Essentials, Global Information Assurance Certification Certified Intrusion Analyst, Global Information Assurance Certification Certified Incident Handler, Certified Information Systems Security Professional, Certified Cloud Security Professional, Splunk, cloud security, or related engineering certifications
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $134,500 to $265,100.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.