Security Architect

Location: KA, IN, India

Job Description

Project Role :

Security Architect

Project Role Description :

Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.


Must have skills :

Security Information and Event Management (SIEM)

Good to have skills :

NA

Minimum 3 year(s) of experience is required

Educational Qualification :

15 years full time education



Summary:

The SOAR/SIEM Engineer will be responsible for designing, implementing, optimizing, and maintaining security monitoring and automation capabilities across the organization. The role requires deep technical expertise in SIEM architecture, log onboarding, use case creation, and SOAR automation workflows to improve the efficiency and effectiveness of the SOC.

Roles & Responsibilities:

- Design, deploy, configure, and maintain SIEM platforms (e.g., Splunk, Tines).
- Onboard and normalize log sources across applications, infrastructure, cloud, network, and security tools.
- Develop advanced correlation rules, detections, dashboards, threat models, and reports.
- Perform SIEM health monitoring, performance tuning, capacity planning, and patch/upgrade activities.
- Ensure data quality, parsing accuracy, and optimal log ingestion strategies.
- Design and build automation playbooks using the SOAR platform Tines.
- Integrate SOAR with SIEM, EDR, NDR, threat intel platforms, ticketing tools, and email gateways.
- Automate repetitive SOC tasks such as enrichment, triage, containment, notifications, and ticketing.
- Maintain and optimize playbooks for reliability, performance, and security.
- Conduct testing, versioning, and documentation for all automation workflows.
- Translate threat intelligence, MITRE ATT&CK mapping, and risk scenarios into actionable use cases.
- Design detection logic leveraging logs, network data, endpoint telemetry, and user behavior analytics.
- Conduct periodic detection tuning and false positive reduction.
- Support threat hunting and purple team exercises by validating detection coverage.
- Work closely with SOC Analysts to understand requirements and improve detection and response processes.
- Assist during incident investigations with log analysis and technical guidance.
- Provide escalation support for SIEM/SOAR-related issues.
- Create and maintain technical documentation, SOPs, playbooks, and architecture diagrams.
- Ensure compliance with internal and external cybersecurity standards and audit requirements.
- Provide regular reports on engineering activities, automation outcomes, and detection metrics.

Professional & Technical Skills:

- Hands-on experience with Splunk (SIEM) and Tines (SOAR).
- Proficiency in scripting languages (Python, PowerShell, JavaScript, Bash) for automation.
- Knowledge of log formats (CEF, JSON, Syslog), parsing, regex, and data normalization.
- Understanding of security technologies: firewalls, proxies, EDR, NDR, IAM, cloud security tools.
- Knowledge of cloud environments (AWS, Azure, GCP) and their logging frameworks.
- Familiarity with MITRE ATT&CK, cyber kill chain, and detection engineering frameworks.

Additional Information:

- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.







Job Detail

  • Job Id
    JD4966473
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    KA, IN, India
  • Education
    Not mentioned
  • Experience
    Year