Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: SIEM Engineer with expertise in Splunk to support the deployment, configuration, and ongoing maintenance of the Splunk platform in support of our Cyber Defense and Security Operations. The ideal candidate will help in developing use cases, onboarding log sources, fine-tuning alerts, and ensuring optimal performance of the SIEM environment Roles & Responsibilities: - Deploy, configure, and maintain Splunk infrastructure components (indexers, forwarders, search heads, etc.) - Onboard log sources from various platforms including network devices, endpoints, cloud, and applications. - Create, optimize, and tune correlation rules and alerts to reduce false positives and improve threat detection. - Develop and maintain dashboards, reports, and visualizations for different stakeholders including SOC, IT, and leadership teams. - Perform root cause analysis and troubleshooting of SIEM-related issues. - Design and implement custom Splunk queries and SPL scripts to support detection and investigation. - Collaborate with Security Operations Center (SOC), Threat Intel, and IR teams to improve detection and response capabilities. - Support the integration of SOAR for automation of repetitive security tasks and response actions. - Participate in threat hunting and red/blue team exercises using Splunk. - Ensure Splunk platform is compliant with internal governance and regulatory requirements (e.g., PCI, HIPAA). - Maintain documentation for use cases, onboarding procedures, and dashboards Professional & Technical Skills: - Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). - 5–7 years of experience in Cybersecurity with at least 4+ years hands-on with Splunk. - Strong knowledge of Splunk Enterprise and Splunk Enterprise Security (ES). - Proficient in SPL (Search Processing Language). - Familiarity with security frameworks like MITRE ATT&CK, NIST, or ISO27001. - Experience integrating threat intelligence feeds and IOC sources. - Understanding of network protocols, logs, firewalls, IDS/IPS, endpoint security, and cloud platforms (AWS, Azure). - Experience with SOAR tools (e.g., Splunk SOAR, Phantom) is a plus. - Splunk certifications (e.g., Splunk Core Certified User/Power User/Admin) preferred Additional Information: - The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM). - This position is based at our Bengaluru office. - A 15 years full time education is required. - Experience with cloud-native logging solutions (e.g., AWS CloudTrail, Azure Sentinel). - Knowledge of scripting languages (Python, PowerShell, Bash). - Exposure to ITSM tools (e.g., ServiceNow) for incident tracking. - Ability to work in a 24x7 security operations environment (if required).