Job Summary
Job Title : Technical Architect (E4) Function : SOC Security Monitoring & Event Analysis Primary Purpose : Lead the technical design, expansion, integration, and maturity of the CPIT SIEM / monitoring capability while partnering with SOC analysts, SAP stakeholders, and service leadership.
Mandatory Tools : Splunk, Elastic, SAP Enterprise Threat Detection,(SAP ETD), ServiceNow, Jira, CP/IP, DNS, HTTP/S,VPNs, firewalls, proxies, SAP NetWeaver, Java,ABAP, NGINX, Kubernetes\\\\r\\\\n\\\\r\\\\nPreferred Tools : MISP, ThreatConnect, Anomali, CrowdStrike, SentinelOne, Carbon Black, Microsoft Defender for Endpoint, Wireshark, Zeek/Bro, Volatility, FTK, Autopsy, AWS/Azure/GCP security tooling, DevSecOps / security automation pipelines\\\\r\\\\n\\\\r\\\\nEducation and Certifications\\\\r\\\\n\\\\r\\\\n· Bachelor’s degree or equivalent in Computer Science, Information Security, Engineering, or a related discipline.\\\\r\\\\n\\\\r\\\\n· Relevant certifications strongly preferred, such as GIAC Certified Incident Handler (GCIH), Certified SOC Analyst (CSA), CompTIA Security+/CySA+, CEH, Microsoft SC-200, or cloud-security certifications.\\\\r\\\\n\\\\r\\\\n· Additional architecture / engineering certifications on SIEM, cloud, or platform security are advantageous.
Key Responsibilities
Own and drive technical projects that expand the maturity, scale, and effectiveness of the SIEM / security monitoring platform. · Translate monitoring requirements into detection scenarios, including trigger events, required data sources, alerting logic, correlation rules, response steps, and audit-ready documentation. · Partner with SOC operations to tune detection rules, improve signal quality, and reduce false positives without reducing meaningful coverage. · Lead or support onboarding of SAP and non-SAP applications into the CPIT SIEM, including technical design, data-source validation, stakeholder alignment, and documentation. · Provide SIEM application engineering support such as integrations, dashboards, content improvements, and monitoring enablement use cases. · Research technical dependencies, limitations, and workarounds across different technology stacks and document implementation decisions clearly. · Support forensic analysis and complex log investigations inside CPIT SIEM data, including SAP technology logs where required. · Integrate threat intelligence, automation opportunities, and security engineering best practices into the monitoring service. · Present onboarding / engineering progress and technical decisions clearly in governance forums and team meetings. · Contribute to KPI, SLA, and service reporting by enabling measurable monitoring use cases and sustainable operational handover.
Skill Requirements
: 7–10 years of relevant security / architecture experience aligned with E4 seniority. · Strong hands-on experience with SIEM platforms such as Splunk, Elastic, and/or SAP Enterprise Threat Detection. · Proven track record in SIEM content engineering, architecture, log onboarding, use-case design, and operationalization. · Good working knowledge of detection engineering, event triage principles, incident investigation support, and operational security monitoring. · Strong background in network protocols and technologies such as TCP/IP, DNS, HTTP/S, VPNs, firewalls, and proxies. · Experience with cloud, on-premises, and hybrid environments, and strong understanding of application technology stacks including SAP and non-SAP ecosystems. · Experience working with ticketing / workflow tools such as ServiceNow or Jira and with structured documentation / audit evidence. · Ability to work with cross-functional stakeholders and explain technical concepts clearly to operations, engineering, and management audiences.
Other Requirements
: Threat intelligence platform exposure (for example MISP, ThreatConnect, or Anomali). · Network forensics and packet analysis exposure (for example Wireshark or Zeek/Bro). · Container / Kubernetes security experience. · Familiarity with DevSecOps pipelines and security automation use cases. · Endpoint security knowledge across tools such as CrowdStrike, SentinelOne, Carbon Black, or Microsoft Defender for Endpoint. · Basic malware-analysis or digital-forensics awareness.