Job Details
Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.
Recruiting for this role ends on May 31, 2026.
Work You'll Do
The Cyber Data Engineer designs, builds, and operates security data pipelines that move and transform telemetry across the cybersecurity stack, with a strong emphasis on Cribl (preferred) and related integrations. This role is critical to ensuring that security data is reliably collected, normalized, routed, and delivered to downstream platforms (e.g., Enterprise Log Manager (ELM) / Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR)), enabling effective detection, response, and compliance reporting.
As security analytics needs expand, the Cyber Data Engineer partners with system owners and security stakeholders to onboard sources, improve data quality, and ensure logging and monitoring objectives are met across both cloud and on-prem environments.
Key Responsibilities:
- Engineer and maintain security data pipelines (Cribl and/or equivalent) for ingestion, parsing, enrichment, filtering, routing, and delivery to ELM/SIEM and related platforms.
- Integrate event feeds using common transport patterns (e.g., syslog) and validate end-to-end data flow, timing, completeness, and correctness.
- Implement data transformations and normalization to support analytics and detection use cases (e.g., consistent fields, time alignment, source attribution).
- Operate and troubleshoot pipeline services, including performance tuning, backlog/latency reduction, and resilience/high-availability considerations.
- Collaborate with SIEM/ELM engineers, SOC (Security Operations Center) teams, and system owners to support onboarding, use-case enablement, and ongoing data quality improvements.
- Support detection and incident response automation by ensuring required data elements are present, consistent, and delivered to the right destinations.
- Create and maintain documentation (architecture/data flow diagrams, pipeline configurations, onboarding guides, SOPs, and troubleshooting runbooks).
- Participate in change control processes: implementation planning, testing/validation, and post-deployment verification.
The Team
Deloitte's Government & Public Services (GPS) practice - our people, ideas, technology and outcomes - is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
Our Cyber Defense & Resilience offering assists clients in defending against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. It helps manage and protect dynamic attack surfaces and provides rapid crisis and cyber incident response, ensuring clients can be ready for, respond to, and recover from business disruptions.
The Project Delivery Talent Model is designed for professionals with specialized skills that align to a current client need. Team members focus on delivering services to clients, without additional expectations related to business development or promotion. Their employment is tied to their role on a project, and they are eligible for a benefits package that is competitive for project delivery-focused professionals.
Qualifications
Required:
- Bachelor's degree
- Ability to obtain Public Trust clearance.
- Ability to travel 25%, on average, based on the work you do and the clients and industries/sectors you serve
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
- 4+ years of experience in at least five of the following:
- Managing and engineering data pipelines (Cribl preferred; equivalent tools accepted).
- Solid experience with SIEM ingestion, data transformation, and platform integration.
- Hands-on experience integrating event feeds with ELM/SIEM systems using syslog (and related patterns).
- Proven ability to create and maintain pipeline and deployment documentation.
- Knowledge of threat/incident detection automation concepts in ELM/SIEM contexts (e.g., ensuring telemetry supports correlation and alerting).
- Working knowledge of Splunk and familiarity with CrowdStrike Falcon platform features.
- Familiarity with both cloud and on-premises data environments.
- Strong problem-solving skills, technical writing/documentation discipline, and effective cross-team communication.
- Experience with data governance for security telemetry (data quality checks, schemas/standards, retention considerations).
- Scripting/automation experience to support pipeline operations and repeatable deployments.
- Experience supporting high-volume telemetry and multiple downstream destinations (security analytics, storage, compliance reporting).
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $88,600 to $163,100.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
Company Details
Deloitte LLP
New York City, NY, United States
Don't imagine what's next. Discover it. We provide industry-leading audit & assurance services, consulting, tax and advisory services to many of...