Job Description

Project Role :

Security Architect

Project Role Description :

Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills :

Security Information and Event Management (SIEM) Operations

Good to have skills :

NA

Minimum

5

year(s) of experience is required

Educational Qualification :

15 years full time education



Summary: As the SOC L3 Analyst you will lead the technical handling of critical security incidents. You'll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in built), and developing automation in SOAR to support incident response and threat detection workflows Roles & Responsibilities: -End-to-End Incident Response Ownership: Ability to handle incident lifecycle (detect, contain, remediate) -Subject matter expert for handling the escalated critical or actual true positive incidents. -CrowdStrike Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules -Strong command over Sumo Logic SIEM content engineering: Creating detection rules, dashboards, and field extractions -Threat Hunting: Behavior-based detection using TTPs -SOAR Automation: Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike -Threat Intel Integration: Automation of IOC lookups and enrichment flows -Forensic Skills: Live host forensics, log correlation, malware behavioral analysis -Deep experience in advanced threat detection and incident response -Scripting Proficiency: Python, PowerShell, Bash for automation or ETL -Error Handling & Debugging: Identify and resolve failures in SOAR or data pipelines -Proficiency in CrowdStrike forensic and real-time response capabilities -Experience Sumo Logic SOAR for playbook optimization -Use case development in Sumo Logic SIEM Professional & Technical Skills: -Lead high-severity incident response, coordinating with stakeholders and IT teams -Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR) -Conduct detailed log analysis and anomaly detection in Sumo Logic -Customize or create new detection rules and enrichments in SIEM -Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment -Perform root cause analysis and support RCA documentation -Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing -Generate post-incident reports and present findings to leadership -Lead investigations and coordinate response for major incidents -Perform root cause analysis and post-incident reviews -Develop advanced detection content in Sumo Logic -Optimize SOAR playbooks for complex use cases -Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy -Build custom dashboards, alerts, and queries aligned with SOC use cases -Create and maintain field extractions, log normalization schemas, and alert suppression rules -Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike) -Monitor log health and alert performance metrics; troubleshoot data quality issues -Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections -Participate in continuous improvement initiatives and tech upgrades -Conduct playbook testing, version control, and change documentation -CrowdStrike: Custom detections, forensic triage, threat graphs -SIEM: Rule creation, anomaly detection, ATT&CK mapping -SOAR: Playbook customization, API integrations, dynamic playbook logic -Threat Intelligence: TTP mapping, behavioral correlation -SIEM: Parser creation, field extraction, correlation rule design -Scripting: Python, regex, shell scripting for ETL workflows -Data Handling: JSON, syslog, Windows Event Logs -Tools: Sumologic SIEM, Sumo logic SOAR & Crowdstrike EDR -Exp in in SOC/IR including 4+ in L3 role (IR + SIEM Content Engineering & SOAR) Additional Information: - The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations. - This position is based at our Bengaluru office. - A 15 years full time education is required.




15 years full time education