Manager — SecOps / AI FDE (Forward Deployed Engineer)
Engineering and Product | Security Engineering
Same job available in 19 locations
Atlanta, Georgia, United States
Boston, Massachusetts, United States
Charlotte, North Carolina, United States
Chicago, Illinois, United States
Dallas, Texas, United States
Denver, Colorado, United States
Detroit, Michigan, United States
Houston, Texas, United States
Jersey City, New Jersey, United States
Los Angeles, California, United States
McLean, Virginia, United States
Miami, Florida, United States
Morristown, New Jersey, United States
New York, New York, United States
Philadelphia, Pennsylvania, United States
San Francisco, California, United States
Seattle, Washington, United States
Tempe, Arizona, United States
Washington, District of Columbia, United States
Position Summary
Manager — SecOps / AI Engineer (Forward Deployed Engineer)
Our Deloitte Cyber team
Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions that help clients navigate the ever-changing threat landscape. Through managed services, engineering, and cyber transformation capabilities that simplify complexity, we enable clients to operate with resilience, grow with confidence, and proactively manage cyber risk.
The team
Our Cyber Defense & Resilience offering helps clients defend against advanced threats by transforming security operations, monitoring technology, detection engineering, automation, data analytics, and threat intelligence. We help manage and protect dynamic attack surfaces while improving readiness, response, and recovery across the cyber lifecycle.
Position Summary
As a Manager – SecOps / AI Engineer (Forward Deployed Engineer), you will play a critical hands-on role in delivering high-impact security engineering solutions across multiple client environments. This is a client-facing, embedded engineering role for someone who can work directly with client stakeholders, understand operational pain points, and rapidly design, build, and deploy solutions in live or near-live environments.
You will help clients modernize security operations by designing and implementing SIEM, SOAR, detection engineering, security telemetry, automation, and AI-enabled workflows across a range of security platforms and cloud environments. You will combine strong security engineering fundamentals with practical AI/automation skills to improve analyst efficiency, alert fidelity, response speed, and operational scalability.
As a Forward Deployed Engineer, you will serve as the bridge between client needs and technical execution — translating ambiguous requirements into production-ready workflows, integrations, detections, and automation solutions. You will work side by side with SOC teams, threat detection engineers, architects, and client leaders to deliver measurable operational outcomes.
Recruiting for this role ends on 5/31/2026
Key Responsibilities
Design and implement secure, scalable, and resilient security operations solutions across SIEM, SOAR, telemetry, case management, and response platforms in alignment with enterprise security policies and regulatory requirements.
Serve as a Forward Deployed Engineer, embedding with client teams to understand operational workflows, rapidly prototype solutions, and productionize capabilities in client environments.
Lead end-to-end deployment of log ingestion, normalization, enrichment, and routing pipelines using APIs, connectors, data pipelines, and event streaming technologies.
Collaborate with SOC analysts, threat hunters, and detection engineers to prioritize, develop, test, and tune threat detection content aligned to adversary behaviors and enterprise risk.
Translate SOC processes into automation playbooks and orchestration workflows to reduce alert fatigue, improve analyst productivity, and accelerate response.
Design and develop integrations between third-party enterprise systems and security platforms to support automated ingestion, enrichment, triage, investigation, and response.
Build and optimize case management and analyst workflow solutions that improve investigation quality, consistency, and operational metrics.
Apply AI and automation engineering techniques to enhance SecOps use cases such as triage assistance, alert summarization, knowledge retrieval, workflow orchestration, analyst copilots, and response recommendations.
Help define guardrails, testing approaches, and evaluation criteria for AI-enabled security workflows to ensure they are secure, reliable, and operationally useful.
Mentor junior practitioners in security engineering, automation development, and modern SecOps practices.
Stay current on cyber threats, attack techniques, detection strategies, AI engineering trends, and regulatory/compliance developments to continuously improve client security posture.
Contribute to reusable engineering assets, accelerators, implementation patterns, and internal eminence.
Required Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or related field, or equivalent work experience.
10+ years of experience in security operations, detection engineering, security engineering, or enterprise cyber defense.
Hands-on experience designing, implementing, and optimizing SIEM, SOAR, detection, telemetry, and response workflows across one or more enterprise security platforms.
Experience building and maintaining integrations, automations, and engineering workflows using Python or similar scripting languages.
Strong understanding of security operations concepts, including alerting, detection logic, incident triage, investigation, response, and case management.
Strong knowledge of security frameworks and attacker behavior models such as MITRE ATT&CK, Cyber Kill Chain, or similar.
Experience with log parsing, normalization, data transformation, and pipeline development across enterprise or cloud environments.
Familiarity with API integration patterns, event-driven architectures, and workflow orchestration.
Experience working directly with clients or internal stakeholders to translate operational requirements into technical solutions.
Ability to work in ambiguous environments, move quickly, and deliver practical solutions with strong engineering judgment.
Limited immigration sponsorship may be available.
Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve.
Preferred Qualifications
Experience across multiple security platforms such as SIEM, SOAR, XDR, ASM, TIP, EDR, and case management tools.
Familiarity with one or more cloud environments such as AWS, Azure, or Google Cloud, including security telemetry and cloud-native security services.
Experience with threat hunting, cyber threat intelligence, or purple team collaboration.
Familiarity with data pipeline and observability technologies used for ingestion, routing, and transformation.
Experience applying AI/ML or LLM-based workflows to security operations, including agentic orchestration, retrieval, prompt workflows, evaluation, or human-in-the-loop response patterns.
Familiarity with frameworks and tools that support AI-enabled engineering workflows, such as orchestration frameworks, model gateways, context protocols, or agent development kits.
Foundational knowledge of infrastructure and networking concepts such as IP networking, DNS, VPNs, firewalls, proxies, identity, and access control.
Experience across multiple vendor ecosystems rather than a single OEM platform.
Relevant industry certifications such as Security+, GSEC, GCIA, GCIH, CISSP, CCSP, Splunk, cloud security, or related engineering certifications.
Previous consulting or professional services experience preferred.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $102,500 - $188,900
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
#CDRCyber26
Deloitte is committed to providing reasonable accommodations for people with disabilities. If you require a reasonable accommodation to participate in the recruiting process, please direct your inquiries to the Global Call Center (GCC) at USTalentCICInbox@deloitte.com.
**Recruiting tips**
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
**Benefits**
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
**Our people and culture**
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ways of thinking, ideas, and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.
Our purpose
Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Learn more.
**Professional development**
From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
As used in this posting, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see [www.deloitte.com/us/about](http://www.deloitte.com/us/about) for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Qualified applicants with criminal histories, including arrest or conviction records, will be considered for employment in accordance with the requirements of applicable state and local laws, including the Los Angeles County Fair Chance Ordinance for Employers, City of Los Angeles’s Fair Chance Initiative for Hiring Ordinance, San Francisco Fair Chance Ordinance, and the California Fair Chance Act. See notices of various fair chance hiring and ban-the-box laws where available. **Fair Chance Hiring and Ban-the-Box Notices | Deloitte US Careers**
Requisition code: 341078
Job ID 341078