Domain Architect - Security Analysis, SIEM
Bulgaria
Job Description
Domain Architect - Security Analysis, SIEM
Others, Sofia

Job Summary

 Job Title : Technical Architect (E4) Function : SOC Security Monitoring & Event Analysis Primary Purpose : Lead the technical design, expansion, integration, and maturity of the CPIT SIEM / monitoring capability while partnering with SOC analysts, SAP stakeholders, and service leadership.

Mandatory Tools : Splunk, Elastic, SAP Enterprise Threat Detection,(SAP ETD), ServiceNow, Jira, CP/IP, DNS, HTTP/S,VPNs, firewalls, proxies, SAP NetWeaver, Java,ABAP, NGINX, Kubernetes\\\\r\\\\n\\\\r\\\\nPreferred Tools : MISP, ThreatConnect, Anomali, CrowdStrike, SentinelOne, Carbon Black, Microsoft Defender for Endpoint, Wireshark, Zeek/Bro, Volatility, FTK, Autopsy, AWS/Azure/GCP security tooling, DevSecOps / security automation pipelines\\\\r\\\\n\\\\r\\\\nEducation and Certifications\\\\r\\\\n\\\\r\\\\n· Bachelor’s degree or equivalent in Computer Science, Information Security, Engineering, or a related discipline.\\\\r\\\\n\\\\r\\\\n· Relevant certifications strongly preferred, such as GIAC Certified Incident Handler (GCIH), Certified SOC Analyst (CSA), CompTIA Security+/CySA+, CEH, Microsoft SC-200, or cloud-security certifications.\\\\r\\\\n\\\\r\\\\n· Additional architecture / engineering certifications on SIEM, cloud, or platform security are advantageous.

Key Responsibilities

Own and drive technical projects that expand the maturity, scale, and effectiveness of the SIEM / security monitoring platform. · Translate monitoring requirements into detection scenarios, including trigger events, required data sources, alerting logic, correlation rules, response steps, and audit-ready documentation. · Partner with SOC operations to tune detection rules, improve signal quality, and reduce false positives without reducing meaningful coverage. · Lead or support onboarding of SAP and non-SAP applications into the CPIT SIEM, including technical design, data-source validation, stakeholder alignment, and documentation. · Provide SIEM application engineering support such as integrations, dashboards, content improvements, and monitoring enablement use cases. · Research technical dependencies, limitations, and workarounds across different technology stacks and document implementation decisions clearly. · Support forensic analysis and complex log investigations inside CPIT SIEM data, including SAP technology logs where required. · Integrate threat intelligence, automation opportunities, and security engineering best practices into the monitoring service. · Present onboarding / engineering progress and technical decisions clearly in governance forums and team meetings. · Contribute to KPI, SLA, and service reporting by enabling measurable monitoring use cases and sustainable operational handover.

Skill Requirements

: 7–10 years of relevant security / architecture experience aligned with E4 seniority. · Strong hands-on experience with SIEM platforms such as Splunk, Elastic, and/or SAP Enterprise Threat Detection. · Proven track record in SIEM content engineering, architecture, log onboarding, use-case design, and operationalization. · Good working knowledge of detection engineering, event triage principles, incident investigation support, and operational security monitoring. · Strong background in network protocols and technologies such as TCP/IP, DNS, HTTP/S, VPNs, firewalls, and proxies. · Experience with cloud, on-premises, and hybrid environments, and strong understanding of application technology stacks including SAP and non-SAP ecosystems. · Experience working with ticketing / workflow tools such as ServiceNow or Jira and with structured documentation / audit evidence. · Ability to work with cross-functional stakeholders and explain technical concepts clearly to operations, engineering, and management audiences.

Other Requirements

: Threat intelligence platform exposure (for example MISP, ThreatConnect, or Anomali). · Network forensics and packet analysis exposure (for example Wireshark or Zeek/Bro). · Container / Kubernetes security experience. · Familiarity with DevSecOps pipelines and security automation use cases. · Endpoint security knowledge across tools such as CrowdStrike, SentinelOne, Carbon Black, or Microsoft Defender for Endpoint. · Basic malware-analysis or digital-forensics awareness.

Information at a Glance

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 227,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending March 2026 totaled $14.7 billion.