Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years of full-time education
Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges.

Roles & Responsibilities:
- Experience in cybersecurity or IT infrastructure, with 2+ years of hands-on Splunk engineering
- Strong experience with Splunk Search Processing Language (SPL) for creating complex queries, dashboards, alerts, and reports
- Strong experience creating, testing, and tuning detection content for security use cases
- Experience onboarding and parsing logs from various sources (e.g., firewalls, EDRs, cloud platforms, applications)
- Experience with data models (CIM), field extractions (regex), and knowledge objects (lookups, macros, tags)
- Experience designing and optimizing index structures, data retention policies, and storage performance
- Ability to work with stakeholders from security operations, threat intelligence, and infrastructure teams
- Strong documentation, version control, and lifecycle management for detection rules and dashboards
- Experience integrating SOAR platforms with Splunk (e.g., Splunk SOAR, XSOAR)
- Familiarity with Splunk Enterprise Security (ES) and its correlation framework
- Exposure to MITRE ATT&CK mapping for content standardization

Professional & Technical Skills:
- Design, implement, and maintain search queries, correlation rules, and dashboards aligned with business and threat requirements
- Tune existing alerts and rules to reduce false positives and improve detection fidelity
- Map detection content to frameworks such as MITRE ATT&CK and compliance standards
- Onboard new log sources across endpoints, cloud, infrastructure, and applications
- Monitor log sources reporting into Splunk SIEM and identify log sources that fail to report, in accordance with the security operations runbooks
- Troubleshoot and resolve log source parsing issues
- Write and maintain custom field extractions, transforms, and other configurations
- Optimize searches, reduce duplication, and ensure compliance with search head clustering best practices
- Build real-time and scheduled dashboards to support SOC, compliance, and leadership visibility
- Use lookups, macros, and scheduled reports to enrich alerts and enable decision-making
- Participate in use case governance processes and maintain runbooks/playbooks
- Review and approve content changes submitted by junior team members
- Strong foundational understanding of security operations, threat landscapes, and log analysis
- Excellent written and verbal communication skills for working with both technical and business stakeholders
- Provide Splunk SIEM and SOAR (Tines / Palo Alto XSOAR) support, coordinating with the vendor when required
- Splunk SIEM: rule creation, anomaly detection, ATT&CK mapping, parser creation, field extraction, correlation rule design
- SOAR: playbook customization, API integrations, dynamic playbook logic
- Threat intelligence: TTP mapping, behavioral correlation
- Scripting: Python, regex, shell scripting for ETL workflows
- Data handling: JSON, syslog, Windows Event Logs
- Splunk SIEM detection engineering, content development, and platform support
- Experience in a SOC, including 2+ years in SIEM content engineering / platform support

Additional Information:
- The candidate should have a minimum of 3 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.