Search all career opportunities

SIEM Content Specialist - Senior Consultant

Apply now

Apply for Job

Date Posted: Nov 15, 2021

Reference Code: 77450-en_US

Job Type: Permanent 
Primary Location: Vaughan, Ontario, Canada 
All Available Locations: Vaughan; Alma; Amos; Bas St-Laurent; Brossard; Burlington; Bécancour; Calgary; Chicoutimi; Dolbeau; Drummondville; Edmonton; Farnham; Fredericton; Gatineau; Granby; Grand-Mère; Halifax; Havre-Saint-Pierre; Hawkesbury; Jonquière; Kanata; Kitchener; La Baie; La Sarre; Langley; Laval; London; Markham; Matane; Mississauga; Moncton; Montreal; New Richmond; Niagara; Normandin; Ottawa; Prince Albert; Prince George; Quebec City; Regina; Rimouski; Roberval; Rouyn-Noranda; Saguenay; Saint John; Saint-Hyacinthe; Saskatoon; Sept-Îles; Shawinigan; Sherbrooke; St-Félicien; St. John's; Toronto; Trois-Pistoles; Trois-Rivières; Val D'Or; Vancouver; Victoria; Windsor; Winnipeg 

Be encouraged to deepen your technical skills…whatever those may be.
Partner with clients to solve their most complex problems.
Be part of a firm that leads the way and pushes themselves to look like contemporary Canada.

Your career is important to you. It's important to us, too. The time is right for you to join Deloitte.


Deloitte is committed to creating an environment that is inclusive and accessible to clients and employees of all abilities. We are dedicated to building a diverse workforce and encourage applications from all qualified candidates.


A career at Deloitte will offer you the opportunity to:

  • Work in a fast growing and exciting organization with professionals who are eminent in their respective field
  • Have challenging and interesting work in a team environment
  • Continue your development throughout your career to reinforce and expand your chosen career path


What will your typical day look like?

Position overview  

You are self-motivated, energetic, driven for success and results oriented.  Your knowledge of security devices, system administration, security operations processes, incident management, professional services and the firm will help you to support delivery and execution of managed security services offered by Deloitte.  You will also be a key player and part of a team providing world-class security operations capabilities for our clients and a capability aligned with our strategic direction and that helps the firm better deliver on new and existing engagements. This position will focus on supporting and maintaining the new and existing clients in the SOC.  Occasional travel to local clients will be required and there are also opportunities for travel nationally and globally if the candidate is interested. This position requires ability to obtain Government of Canada "Secret" security clearance.



  • Responsible for Content Development (rules, use cases, reports, queries, etc.) in SIEM (ArcSight, LogRhythm, Splunk, Sentinel and/or QRadar);
  • Research on threats, generate new rule/detection methodologies;
  • Generate and implement rules based on specific client requirements;
  • Tuning/testing of content to reduce false positives within the SIEM;
  • Create documentation (playbooks) of all content created;
  • Provide input, direction and strategic decisions to help drive content decisions within the SIEM;
  • Ability to assess the content as a result of changes in the client environment;
  • Providing reports on a monthly basis or ad hoc communicating the changes in the content in the SIEM platform;
  • Integrate threat intelligence from various sources into existing and new content;
  • Customize security content including filters/rules/report creation and vulnerability mapping;
  • Create presentation and participate on Workshops with clients to propose or present use cases;

About the team

Deloitte, one of Canada's leading professional services firms, provides assurance & advisory, tax, consulting, and financial advisory services through more than 8,000 people in 56 offices. Deloitte LLP, an Ontario Limited Liability Partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte operates in Quebec as Deloitte s.e.n.c.r.l., a Quebec limited liability partnership.

Enough about us, let’s talk about you

Basic Qualifications:

  • Diploma /  Degree in Information Security or equivalent experience at information security;
  • Minimum of three (3) years of experience working within information security;
  • Minimum of two (2) year of SIEM Content Development experience;
  • Experience with SIEM technologies (detection rule development): Sentinel and Splunk, desirable knowledge on other SIEM (such as ArcSight, LogRhythm, and QRadar);
  • Demonstrated experienced with threat research and develop new threat detection content;
  • Strong working knowledge of Security devices (IDS/IPS, Firewalls, Load Balancers, Routing & Switching etc.);
  • Knowledge on Sigma signature format;
  • Knowledge on Risk assessment, security assessment, Continuous monitoring, Kill chain, regulatory (e.g.: PCI, HIPAA, ISO27000 series) and threat landscaping;


Preferred Qualifications:

  • Three or more (3+) years of SIEM Content Development experience;
  • Advanced knowledge of security analytics, reporting and creative thinking;
  • Experience on working with Java, Python, PowerShell and Perl scripting;
  • Experience integrating new log sources, data correlation rules into the SIEM and DevOps;
  • Three or more (3+) years of experience within the information security field;
  • One or more (1+) years of experience with Security Operations and Incident response;
  • Professional certification (e.g.: CISA, CISSP, CISM, EnCE, ISACA, GIAC Certifications).

Why Deloitte?

Launch your career with The One Firm where you can make an impact that matters in a way that you never thought possible. With endless opportunities at every turn, and a culture built to support and develop our people to be the very best they can be, Deloitte is The One Firm for you to learn, grow, create, connect, and lead. We do this by making three commitments to you:

  • You will lead at every level: We grow the world’s best leaders so you can achieve the impact you seek, faster.
  • You can work your way: We give you the means to be flexible in how you need and want to work, and we have innovative spaces, arrangements and the mindset to help you be wildly successful.
  • You will feel included and inspired: We create a deep sense of belonging where you can bring your whole self to work.

The next step is yours

Sound like The One Firm. For You?

At Deloitte we are all about doing business inclusively – that starts with having diverse colleagues of all abilities!  We encourage you to connect with us at if you require an accommodation in the recruitment process, or need this job posting in an alternative format. We’d love to hear from you!

By applying to this job you will be assessed against the Deloitte Global Talent Standards. We’ve designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally.

Apply now

Apply for Job