Security Operations Center Architect

10 - 16 years

40 - 45 Lacs

Posted: 5 hours ago | Platform: Naukri


Work Mode

Hybrid

Job Type

Full Time

Job Description


____________________________________________________________________________

- PLEASE SAVE WHATSAPP # +91 98114 11414 (Ashima) / 9315248639 (Nishant)

- Ashima / Nishant / Shreedevi is your POC from RexOreo Pvt Ltd.

- Queries: All emails will come from team@rexoreo.com, so please keep an eye out for them.

_____________________________________________________________________________

Top Selection & Auto Elimination Criteria:

  • Only immediate joiners (0-30 days)
  • Candidates experienced and expert in ALL skills mentioned in "Must-Have Technical Skills" below in the JD need to apply
  • Mode: 4 days work from office, 1 day WFH
  • Relevant experience range: 10+ years
  • Position: L3/L4 SOC Architect / Sr. SIEM Engineer
  • Experience: 10-16 years
  • Cab facility: No
  • EMAIL @ team@rexoreo.com: A VOICE NOTE ON WHY YOU ARE FIT FOR THIS ROLE

___________________________________________________________________________

Job Title:

SOC Level 3/4 Architect, Engineering & End-to-End Deployment Specialist

About the Role

SOC Level 3/4 Architect and Engineering Specialist

Key Responsibilities

  • Design, engineer, and deploy scalable SOC architectures (single-tenant and multi-tenant).
  • Lead end-to-end SOC implementation from SIEM/SOAR setup, onboarding, parser development, and correlation rule creation to performance tuning and operational handover.
  • Architect and execute SOC automation and orchestration frameworks.
  • Manage high-EPS environments, platform migrations, and modernization initiatives.
  • Develop detection use cases, correlation logic, dashboards, and executive reports.
  • Integrate UEBA/EUBA and behavioral analytics for advanced threat detection.
  • Implement and maintain SOC health monitoring, diagnostics, and performance tuning.
  • Drive cross-team collaboration (Cloud, Network, Threat Intel, ITSM) to ensure full-stack visibility.
  • Provide technical mentorship to SOC Level 1/2 teams and support delivery excellence.
  • Document architectures, blueprints, SOPs, and operational workflows for ongoing governance.

Must-Have Technical Skills:

  • SOC Architect / SOC Engineering Lead / SIEM Architect / SOAR Architect / SOC Platform Engineer
  • End-to-end SIEM deployment, SOC implementation specialist
  • SOC automation and orchestration
  • Multi-tenant SOC architecture and MSSP SOC design
  • High EPS optimization, SOC migration, and modernization
  • SIEM architecture blueprint and SOC health monitoring framework

SIEM Implementation, Onboarding & Parsing

  • Microsoft Sentinel deployment, FortiSIEM implementation, IBM QRadar engineering, Splunk Enterprise Security deployment, Elastic SIEM
  • SIEM onboarding and parser creation
  • Log source integration and mapping, custom parser development
  • Field extraction and normalization, custom connector / API ingestion
  • Correlation rule creation and tuning, alert noise reduction
  • SIEM content optimization, event pipeline monitoring and troubleshooting

SOAR Orchestration & Automation

  • SOAR Engineer / Architect
  • Cortex XSOAR, FortiSOAR, Microsoft Sentinel Automation
  • Playbook design and customization, runbook automation
  • Incident response workflow automation
  • Custom connector development, integration with ITSM tools (ServiceNow, Jira)
  • Threat enrichment automation, SOAR troubleshooting and optimization
  • Python scripting for SOAR

EUBA / Behavioral Analytics

  • User and Entity Behavior Analytics (UEBA/EUBA) configuration and tuning
  • Behavior analytics modeling and insider threat detection
  • Behavioral anomaly detection and adaptive thresholding
  • Risk scoring models and entity context correlation
  • MITRE ATT&CK mapping for behavioral analysis

Content Management (Use Cases, Rules, Detections)

  • Detection engineering and use case development
  • Detection rule lifecycle management and rationalization
  • MITRE ATT&CK-based content design
  • TTP and IOC-based correlation
  • Detection optimization and enrichment using threat intel
  • SOC use case library management

Dashboards, Reporting & Visualization

  • SOC dashboard creation
  • Microsoft Sentinel workbooks, Splunk dashboards and reports
  • SOC KPI and SLA reporting
  • Threat visibility dashboards, executive and operational reports
  • KQL and SPL query optimization
  • Compliance dashboards

Troubleshooting, Optimization & Platform Health

  • SIEM troubleshooting and diagnostics
  • Parser and connector troubleshooting
  • Playbook debugging and optimization
  • Platform performance tuning and alert latency troubleshooting
  • EPS load balancing and data quality validation
  • Pipeline health monitoring
  • SOAR / SIEM connector health management

Technical Language, Tools & Querying

  • Python and PowerShell scripting
  • KQL (Kusto Query Language), SPL (Splunk Processing Language), Regex for parsing
  • API integration and JSON handling
  • Linux and Windows log analysis
  • Azure, AWS, and GCP security monitoring
  • Containerized SOC setup (Docker, Kubernetes)
  • DevOps for SOC (Terraform, CI/CD)

Good-to-Have / Preferred Technical Skills:

SOC Architecture & Design Consulting

  • SOC design documentation
  • End-to-end SOC blueprint creation
  • SOC consulting and optimization
  • SOC maturity roadmap design
  • SOC process automation and orchestration
  • SOC onboarding framework
  • SOC service scalability planning

Cloud, DevOps & Automation

  • Azure Logic Apps integration
  • Terraform for SOC deployment
  • Ansible automation in SOC
  • CI/CD pipeline for playbooks
  • Infrastructure as Code (IaC) for SOC setup
  • Cloud-native SOC deployment (Azure, AWS, GCP)

Threat Intelligence & Detection Integration

  • Threat intel feed integration
  • STIX/TAXII feed ingestion
  • IOC enrichment and correlation
  • ThreatConnect / MISP / Anomali
  • Adversary emulation and simulation
  • Threat hunting automation with SOAR

Detection Engineering & Analytics

  • Threat hunting hypothesis development
  • Data science-driven detections
  • Behavioral model validation
  • Detection efficiency metrics (MTTD, MTTR)
  • Anomaly-based detection tuning

Other Required Skills:

Security Frameworks & Governance

  • MITRE ATT&CK, NIST, Cyber Kill Chain
  • SOC2, ISO 27001, PCI DSS compliance
  • Regulatory and audit reporting
  • SOC KPI / KRI dashboards
  • Operational process documentation

Communication, Leadership & Delivery

  • Client-facing technical workshops
  • SOC implementation training
  • Runbook and SOP creation
  • Cross-team coordination (Network, Cloud, ITSM)
  • Mentoring SOC L1/L2 teams
  • Stakeholder communication for SOC deployment

Experience & Qualifications

  • Experience: 8-15 years in SOC architecture, engineering, or platform deployment.
  • Expertise: Hands-on leadership in at least two SIEM/SOAR platforms (Sentinel, Splunk, QRadar, FortiSIEM/FortiSOAR, etc.).
  • Technical Strength: Proven experience in automation (Python, PowerShell), parser creation, rule tuning, and cross-platform integration.
  • Projects: Demonstrated success in SOC modernization, migration, and large-scale deployment.
  • Education: Bachelor's or Master's in Computer Science, Information Security, or related discipline.
  • Certifications (Preferred): Microsoft Sentinel Expert, Splunk Architect, Fortinet NSE, CISSP, GCIA, GCTI, or equivalent.
