Accenture

Security Architect

Hyderabad
Full Time
Mid Level


Qualifications


Experience Level: Mid Level

  • SentinelOne: custom detections, forensic triage, threat graphs
  • Splunk SIEM (core + ES module): searching logs, monitoring and investigating alerts
  • Incident Response and SIEM experience: 2+ years in SOC/IR; experience in 24x7 environments, shift-based operations, or critical infrastructure response
  • Alert Triage & Monitoring: experience investigating escalated alerts using SIEM or EDR
  • Incident Response and Containment: take necessary actions to contain, eradicate and recover from security incidents
  • Identify opportunities for automation and work with the SIEM Platform Support team to implement them
  • EDR Deep Dive: using Real Time Response (RTR), Threat Graph, custom IOA rules
  • Proficiency in writing SPL queries and dashboards and identifying fine-tuning opportunities
  • Threat Hunting: behavior-based detection using TTPs
  • Good understanding of malware

Full Job Description

Job Overview

Accenture is seeking a skilled Security Architect in Hyderabad. This role is crucial for defining and implementing robust cloud security frameworks and architectures that align with business objectives and performance goals. The position involves documenting the deployment of cloud security controls and ensuring a seamless transition to managed cloud security operations.

Key Responsibilities

  • Define and architect cloud security frameworks that meet business requirements and performance targets.
  • Implement and document cloud security controls.
  • Oversee the transition of cloud security to managed operations.
  • Investigate security alerts escalated from L1, determining scope, impact, and root cause.
  • Conduct in-depth endpoint and network triage using SentinelOne.
  • Perform endpoint analysis and threat validation with SentinelOne.
  • Correlate multiple log sources in Splunk SIEM to identify and trace attacker activity.
  • Enrich security events with contextual information, including asset, identity, and threat intelligence.
  • Document investigation workflows, collected evidence, and final conclusions.
  • Provide support to L2 analysts during major incidents through log and memory triage.
  • Propose and implement improvements to alert logic and fine-tuning.
  • Conduct threat research aligned with alert patterns and business context.
  • Enhance alert fidelity by integrating threat intelligence and historical data.
  • Document investigation findings and communicate them effectively to stakeholders.

Required Skills and Qualifications

  • Minimum 2 years of experience in Security Information and Event Management (SIEM).
  • Experience with SIEM platforms, particularly Splunk (core + ES module) for searching logs, monitoring, and investigating alerts.
  • Proficiency in Splunk SPL query language, dashboard creation, and tuning.
  • Experience with EDR solutions, specifically SentinelOne, including custom detections, forensic triage, and threat graph analysis.
  • Skills in incident response and containment, including taking necessary actions to eradicate and recover from security incidents.
  • Experience in alert triage and monitoring using SIEM or EDR tools.
  • Familiarity with advanced threat detection and incident response techniques.
  • Understanding of malware, lateral movement, privilege escalation, and exfiltration patterns.
  • Experience in threat hunting using behavior-based detection and TTPs.
  • Ability to integrate threat intelligence for IOC lookups and enrichment flows.
  • Forensic skills, including live host forensics, log correlation, and malware behavioral analysis.
  • Proficiency in SentinelOne's forensic and incident response capabilities.
  • Experience in playbook development, updating, and optimization for incident response.
  • Knowledge of cloud incident handling (AWS, Azure).
  • Experience with advanced visualizations and business-focused metrics in Splunk dashboarding.
  • 15 years of full-time education is required.

Preferred Skills

  • Splunk Certified Admin/ES Admin
  • SC-200 certification
  • SentinelOne EDR vendor training

Work Environment

This role is based in our Hyderabad office. Experience in 24x7 environments, shift-based operations, or critical infrastructure response is beneficial.

Company

Accenture

Posted on Naukri