Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: As the IR L3 analyst in 24x7 SOC, you will be the escalation point for all complex and high severity security incidents and lead the technical handling of critical security incidents. You’ll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as Sentinal One, Splunk SIEM. This role requires deep expertise in detection, investigation, containment, and remediation, as well as collaboration with multiple teams across security, IT, and compliance. Roles & Responsibilities: -End-to-End Incident Response Ownership: Ability to handle incident lifecycle (detect, contain, remediate) -Subject matter expert for handling the escalated high, critical or actual true positive incidents. -Identify opportunities for automation and work with SIEM Platform Support team for implementing it. -EDR Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules -Proficiency in writing SPL queries, dashboards, correlation rules, and tuning use cases -Threat Hunting: Behavior-based detection using TTPs -Deep understanding of malware, lateral movement, privilege escalation, and exfiltration patterns -Threat Intel Integration: Automation of IOC lookups and enrichment flows -Forensic Skills: Live host forensics, log correlation, malware behavioral analysis -Deep experience in advanced threat detection and incident response -Scripting Proficiency: Python, PowerShell, Bash for automation or ETL -Proficiency in Sentinal One forensic and incident response capabilities -Playbook Development: Able to define, update, and optimize IR playbooks and workflows -Red team/purple team exposure -Forensic analysis (memory, file systems, logs) -Cloud incident handling (AWS, Azure) -Dashboarding: Advanced visualizations and business-focused metrics in Splunk -Certifications: Splunk Certified Admin/ES Admin, SC-200, or SOAR, Sentinal One EDR vendor training Professional & Technical Skills: -Lead high-severity incident response, coordinating with stakeholders and IT teams -Perform endpoint forensic triage using Sentinal One -Conduct detailed log analysis and anomaly detection in Splunk -Perform log correlation in Splunk to trace attack patterns, scope, and impact. -Conduct deep-dive analysis into suspicious behaviors using SPL and custom dashboards -Use endpoint data, network logs, and threat intel to drive full-lifecycle incident handling -Isolate affected systems, coordinate containment with IT, and oversee recovery steps -Recommend and define automated workflows for triage, enrichment, and response -Perform root cause analysis and support RCA documentation. -Create or optimize Splunk detection logic to improve fidelity and coverage -Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing -Generate post-incident reports and present findings to leadership -Lead investigations and coordinate response for major incidents -Perform root cause analysis and post-incident reviews -Participating in continuous improvement initiatives -Conduct playbook testing, version control, and change documentation -Contribute to executive-level reports, RCA documents, and compliance metrics -Sentinal One: Custom detections, forensic triage, threat graphs -Splunk SIEM (core + ES module): Rule optimization, anomaly detection, ATT&CK mapping -Threat Intelligence: TTP mapping, behavioral correlation -Scripting: Python, regex, shell scripting for ETL workflows -Incident Response and Forensics SME Additional Information: - The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM). - This position is based at our Bengaluru office. - A 15 years full time education is required.