Accenture
Naukri

Security Architect

Hyderabad
Full Time
Mid Level


Qualifications

Experience Level: Mid Level

  • SentinelOne: custom detections, forensic triage, threat graphs
  • Splunk SIEM (core + ES module): searching logs, monitoring and investigating alerts
  • Incident Response and SIEM experience: 2+ years in SOC/IR; experience in 24x7 environments, shift-based operations, or critical infrastructure response
  • Alert Triage & Monitoring: experience investigating escalated alerts using SIEM or EDR
  • Incident Response and Containment: take necessary actions to contain, eradicate and recover from security incidents
  • Identify opportunities for automation and work with the SIEM Platform Support team to implement them
  • EDR Deep Dive: using Real Time Response (RTR), Threat Graph and custom IOA rules
  • Proficiency in writing SPL queries and dashboards, and identifying fine-tuning opportunities
  • Threat Hunting: behavior-based detection using TTPs
  • Good understanding of malware

Full Job Description

Security Architect

Accenture | Hyderabad

About the Role

As a Security Architect at Accenture in Hyderabad, you will play a crucial role in defining and implementing robust cloud security frameworks and architectures. Your responsibilities will include ensuring these solutions align with business requirements and performance objectives, documenting the implementation of cloud security controls, and facilitating a smooth transition to cloud security-managed operations.

The role demands a deep understanding of security principles, with a strong emphasis on Security Information and Event Management (SIEM). You will be instrumental in validating escalated security alerts, enriching them with contextual data, and collaborating with L3 analysts to contain and remediate security incidents effectively. Furthermore, you will contribute to enhancing detection capabilities and supporting Security Orchestration, Automation, and Response (SOAR) initiatives.

This position requires extensive expertise in detection, investigation, containment, and remediation strategies, alongside excellent collaboration skills with various security, IT, and compliance teams.

Key Responsibilities

  • Investigate security alerts escalated by L1 analysts to accurately determine their scope, impact, and root cause.
  • Perform in-depth endpoint and network triage using SentinelOne.
  • Utilize SentinelOne for detailed endpoint analysis and threat validation.
  • Correlate data from multiple log sources within Splunk to trace and understand attacker activities.
  • Enrich security events by integrating asset information, identity data, and threat intelligence.
  • Document comprehensive investigation workflows, collected evidence, and final conclusions.
  • Provide support to L2 analysts during major security incidents by conducting log or memory triage.
  • Propose and implement improvements to alert logic and fine-tuning strategies.
  • Conduct threat research specifically aligned with observed alert patterns and business context.
  • Enhance alert fidelity by integrating threat intelligence and historical context.
  • Document investigation findings clearly and communicate them effectively to relevant stakeholders.

Professional and Technical Skills

Core Requirements:

  • Minimum of 2 years of experience in Security Information and Event Management (SIEM).
  • Minimum of 2 years of experience in a Security Operations Center (SOC) or Incident Response (IR) role.
  • Experience in 24x7 operational environments, shift-based operations, or critical infrastructure response.
  • Experience investigating escalated alerts using SIEM or Endpoint Detection and Response (EDR) tools.
  • Proficiency in taking necessary actions for incident containment, eradication, and recovery.
  • Familiarity with identifying automation opportunities and collaborating with SIEM Platform Support teams for implementation.
  • Experience with advanced threat detection and incident response.
  • Experience in forensic analysis, including memory, file systems, and logs.
  • Experience in cloud incident handling (AWS, Azure).

Specific Tool Proficiency:

  • SentinelOne: Custom detections, forensic triage, threat graph analysis.
  • Splunk SIEM (core + ES module): Log searching, monitoring, and alert investigation. Proficiency in writing SPL queries, creating dashboards, and providing fine-tuning recommendations.
  • Endpoint Detection and Response (EDR) Deep Dive: Utilizing features like Real-Time Response (RTR), Threat Graphs, and custom IOA rules.

Technical Expertise:

  • Understanding of malware, lateral movement techniques, privilege escalation, and data exfiltration patterns.
  • Experience with threat intelligence integration, including automation of IOC lookups and enrichment workflows.
  • Forensic skills including live host forensics and log correlation.
  • Ability to define, update, and optimize Incident Response (IR) playbooks and workflows.
  • Advanced dashboarding and business-focused metrics visualization in Splunk.

Certifications (Good to have):

  • Splunk Certified Admin/ES Admin
  • Microsoft SC-200
  • SentinelOne EDR vendor training

Qualifications

Requires 15 years of full-time education.
