InfoSec L2 SOC SME SIEM

6 - 8 years

7 - 12 Lacs

Posted: 15 hours ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

Position Responsibilities

  • Partner with onshore security teams to design, implement, and maintain security tools and capabilities that support the goals of the Information Security organization.
  • Enhance and optimize the performance, scalability, and reliability of security operations, with a strong emphasis on SIEM content development, alert fidelity, and log coverage.
  • Identify opportunities for improvement by analyzing existing security processes, tools, and workflows, and implement innovative solutions to address gaps in visibility or detection.
  • Leverage SOAR platforms to automate repetitive tasks, enrich alerts, and accelerate incident response workflows within the SOC.
  • Support the expansion and maturation of security capabilities, ensuring alignment with evolving business needs, regulatory requirements, and industry best practices.
  • Collaborate across multiple Information Security functions, including Security Operations, Vulnerability Management, Threat Intelligence, and Security Awareness, to drive security initiatives.
  • Monitor the effectiveness of implemented security detections and processes, and provide recommendations for continuous improvement.
  • Assist in the integration and operationalization of new security tools and technologies within security monitoring workflows.
  • Provide technical expertise and guidance to both onshore and offshore teams to ensure solutions and detections are implemented effectively and securely.
  • Contribute to the development and maintenance of documentation, playbooks, and standard operating procedures for security monitoring tools and processes.
  • Stay up-to-date with the latest security trends, vulnerabilities, and detection techniques to proactively address emerging threats.

Organizational Relationships

  • Collaborates closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, and Security Awareness
  • Works with cross-functional teams such as Infrastructure, Application Development, and Cloud Engineering to ensure seamless integration and operation of security tools
  • Partners with Identity and Access Management teams to implement and maintain secure access controls
  • Engages with external vendors and service providers to evaluate and integrate third-party security solutions
  • Coordinates with internal stakeholders to align security initiatives with business objectives and compliance requirements

Education and Experience

Education

  • University Degree in Computer Science or Information Systems is required
  • MS or advanced identity courses or other applicable certifications are desirable, including:
      • Certified Information Systems Security Professional (CISSP)
      • Relevant certifications in infrastructure security and vulnerability management are highly preferred, such as:
          • Offensive Security Certified Professional (OSCP)
          • GIAC Certified Vulnerability Assessor (GCVA)
          • Certified Ethical Hacker (CEH)

Experience

  • A minimum of 6+ years of relevant experience with a strong background in security operations centers, threat intelligence, and security engineering
  • 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health
  • Experience working with global teams across multiple time zones
  • Demonstrated ability to work within diverse technical teams

Technical Skills Requirements

  • Strong knowledge of security tools and technologies, such as SIEM (e.g., Splunk, NextGen SIEM) and endpoint detection and response (CrowdStrike) solutions
  • Proficiency in scripting and automation using languages such as Python, PowerShell, or Bash to streamline security processes
  • Experience with cloud security tools and platforms (e.g., AWS, Azure, GCP) and securing cloud-native environments
  • Solid understanding of network security concepts, including firewalls, IDS/IPS, VPNs, and zero-trust architectures
  • Familiarity with identity and access management (IAM) solutions, such as Azure AD, Secret Server, and SailPoint
  • Knowledge of threat detection, incident response, and vulnerability management processes and tools
  • Experience with container security and DevSecOps practices
  • Strong understanding of encryption technologies, key management, and secure coding practices
  • Ability to analyze and interpret security data to identify trends, vulnerabilities, and potential threats
  • Familiarity with regulatory requirements and compliance standards (e.g., GDPR, HIPAA, PCI DSS)
  • Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences

Physical Position Requirements

  • Availability to work between 1:00 PM IST and 10:00 PM IST (minimum 3 hours of daily overlap with US Eastern Time Zone)
  • Full-time position

Zoetis

Pharmaceutical Manufacturing

Parsippany NJ
