Security Architect

Summary:

As a SOC Analyst, you will conduct in-depth investigations of security alerts and confirmed incidents. Your responsibilities include validating escalated events using SentinelOne and Splunk SIEM, enriching them with context, and collaborating with L3 analysts for containment and remediation. You will also contribute to improving detection accuracy and supporting SOAR automation. This role demands deep expertise in detection, investigation, containment, remediation, and cross-functional collaboration with security, IT, and compliance teams.

Roles & Responsibilities:

• Investigate alerts escalated by L1 to determine scope, impact, and root cause.
• Perform in-depth endpoint and network triage using SentinelOne.
• Utilize SentinelOne for endpoint analysis and threat validation.
• Correlate multiple log sources in Splunk to trace attacker activity.
• Enrich events with asset, identity, and threat intelligence context.
• Document investigation workflows, evidence, and conclusions.
• Support L2 analysts during major incidents with log or memory triage.
• Suggest improvements for alert logic and fine-tuning.
• Conduct threat research aligned with alert patterns and business context.
• Enhance alert fidelity with threat intelligence and historical context.
• Document investigation findings and communicate with stakeholders.

Professional & Technical Skills:

• SentinelOne: Custom detections, forensic triage, threat graphs.
• Splunk SIEM (core + ES module): Log searching, alert monitoring, and investigation.
• Incident Response and SIEM Experience: 2+ years in SOC/IR, experience in 24x7 environments, shift-based operations, or critical infrastructure response.
• Alert Triage & Monitoring: Experience investigating escalated alerts using SIEM or EDR.
• Incident Response and Containment: Ability to take necessary actions to contain, eradicate, and recover from security incidents.
• Identify automation opportunities and work with SIEM Platform Support for implementation.
• EDR Deep Dive: Proficiency with Real-Time Response (RTR), Threat Graphs, and custom IOA rules in EDR solutions.
• Proficiency in writing SPL queries, creating dashboards, and providing fine-tuning opportunities.
• Threat Hunting: Behavior-based detection using TTPs.
• Good understanding of malware, lateral movement, privilege escalation, and exfiltration patterns.
• Threat Intel Integration: Automation of IOC lookups and enrichment flows.
• Forensic Skills: Live host forensics, log correlation, malware behavioral analysis.
• Good experience in advanced threat detection and incident response.
• Proficiency in SentinelOne forensic and incident response capabilities.
• Playbook Development/Updation: Ability to define, update, and optimize IR playbooks and workflows.
• Forensic analysis (memory, file systems, logs).
• Cloud incident handling (AWS, Azure).
• Dashboarding: Advanced visualizations and business-focused metrics in Splunk.
• Certifications: Splunk Certified Admin/ES Admin, SC-200, SentinelOne EDR vendor training.

Additional Information:

• Minimum 2 years of experience in Security Information and Event Management (SIEM).
• This position is based at our Hyderabad office.
• A 15-year full-time education is required.

Qualification:

15 years of full-time education.