SME - Security Analysis, SIEM
Pune, Maharashtra, India

Job Description

Job Summary

The SIEM & SOC Senior Specialist will be responsible for leading the migration of the SIEM platform from the existing environment to a new solution. This role involves designing and developing new detection use cases, optimizing and refining them prior to deployment, and ensuring seamless onboarding into the new platform. The specialist will also establish new operational processes, enhance and modify existing procedures as required, and drive adherence to security and compliance standards, ensuring achievement of a 100% compliance score.

Key Responsibilities

• Engage with key users to understand business needs, challenges, and goals.
• Support the development of (technology) solutions at domain level, aligned with organizational objectives.
• Define domain-related processes and policies, including the complementary documentation.
• Support and consult on IT projects, and lead domain initiatives, ensuring successful execution from planning to completion.
• Customize existing systems to meet specific (domain-specific) user requirements.
• Evaluate and recommend new processes and technologies for efficiency and effectiveness.
• Provide (technical) assistance to key users.
• Conduct training sessions on processes and on the use of relevant software and hardware for domain-specific topics.
• Analyse complex issues and propose effective solutions.
• Produce reports to guide decision-making.
• Assist with threat detection and incident response capabilities using the SIEM platform and other security tools.
• Correlate logs and events across various security platforms and make decisions based on that analysis.
• Support vulnerability management operations such as mitigation, remediation, and follow-ups.

Skill Requirements

Mandatory Skills

SOC Operation Leadership
• Own daily SOC operations, ensuring continuous monitoring, triage, investigation, and response across all environments.
• Define and enforce the SOC operating model (tiers, shift model, handovers, runbooks, playbooks, escalation matrix).
• Establish and track KPIs/SLAs (MTTD, MTTR, false positive rate, detection coverage, case backlog, use-case health).
• Drive operational excellence: backlog management, case quality reviews, post-incident reviews, and continuous improvement.
• Able to plan, build, and run the SOC tooling from scratch; hands-on SIEM migration experience is required.
• Prior experience handling audits such as ISO 27001, and able to create a roadmap for closing audit gaps in a time-bound manner.

SIEM & Detection Engineering
• Administer and maintain SIEM platform health (parsers, ingestion pipelines, data models, indexing, retention, performance).
• Onboard and normalize log sources (network, endpoint, identity, cloud, application) to meet coverage targets.
• Design, tune, and maintain detections (rules, correlations, ML/UEBA) aligned to MITRE ATT&CK and threat scenarios.
• Develop and maintain dashboards, metrics, use-case catalogs, and detection lifecycle management processes.

Incident Handling & Response
• Lead incident response from validation through containment, eradication, recovery, and lessons learned.
• Coordinate cross-functional responders (IT ops, network, application, legal/IR) and manage stakeholder communications.
• Prepare and maintain IR plans, playbooks, communication templates, and evidence handling procedures.
• Conduct root-cause analysis and drive corrective actions to prevent recurrence.

Threat Hunting & Intelligence
• Run proactive hunts across SIEM/EDR/identity telemetry based on TTPs, IOCs, and hypothesis-driven scenarios.
• Operationalize internal/external threat intelligence and OSINT to improve detections and coverage.

Stakeholder Communication
• Provide timely, clear communication during incidents; prepare executive summaries and after-action reports.
• Partner with IT Ops, Network, Application, and Business stakeholders to balance risk, speed, and user impact.

Add-on Skills

Network Security (Hands-on)
• Configure and troubleshoot firewalls, IDS/IPS, WAF, VPN, proxies, NAC, and network telemetry integrations to the SIEM.
• Monitor east-west and north-south traffic, segment networks, and enforce secure configurations and policy baselines.

Endpoint Security (Hands-on)
• Administer and tune EDR/XDR platforms (e.g., Microsoft Defender for Endpoint, CrowdStrike) for high detection efficacy.
• Ensure endpoint hardening, policy compliance, isolation workflows, and automated containment actions as appropriate.

Vulnerability Management
• Own the vulnerability lifecycle with IT teams: scanning (Qualys/Tenable/Rapid7), prioritization (CVSS/KEV/business context), remediation, and verification.
• Track remediation SLAs, report risk posture trends, and drive improvements to patching and configuration baselines.

Cloud & Identity Security
• Integrate cloud telemetry (Azure/M365, AWS, GCP) and identity sources (AD/AAD/IDP) into the SIEM with strong detections.
• Work with cloud and IAM teams on conditional access, MFA, privileged access monitoring, and identity threat detections.

Governance, Risk & Compliance
• Align SOC processes with frameworks/standards (ISO 27001, NIST CSF/800-61, MITRE ATT&CK).
• Support audits, evidence collection, control testing, and policy/procedure updates.

Other Requirements

Qualifications & Experience
• Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.
• 12-15 years in Security Operations, with 5+ years leading SOC teams or major incident response programs.
• Expert-level hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, LogRhythm, QRadar), including administration and detection engineering.
• Strong incident handling expertise across containment, eradication, recovery, and lessons learned.
• Demonstrated experience with EDR/XDR, SOAR automation/orchestration, and case management tools.
• Hands-on network security knowledge (firewalls, IDS/IPS, WAF, VPN, proxies, NAC) and packet/log analysis.
• Vulnerability management lifecycle experience using enterprise scanners and remediation governance.
• Experience integrating cloud and identity telemetry; familiarity with Azure/M365 security preferred.
• Knowledge of frameworks and models: MITRE ATT&CK, NIST 800-61 IR, NIST CSF, ISO 27001.
• Excellent communication, stakeholder management, and executive reporting skills.
• Audit participation experience is a must.

Preferred Certifications
• Security+: CompTIA Security+
• SIEM/EDR vendor certifications (e.g., Splunk, Microsoft, CrowdStrike).
• Incident response/forensics (e.g., GCFA, GNFA, GCIH).
• Cloud security (e.g., AZ-500, SC-200, CCSP).
• Network security (e.g., NSE, PCNSA/PCNSE, CCNP Security).

Tools & Platforms (indicative)
• SIEM: Splunk, Microsoft Sentinel, LogRhythm, QRadar
• EDR/XDR: Microsoft Defender for Endpoint, CrowdStrike, SentinelOne
• SOAR: Splunk SOAR, Cortex XSOAR, Sentinel playbooks/Logic Apps
• Vulnerability: Qualys, Tenable, Rapid7
• Network: Palo Alto, Fortinet, Cisco, F5/WAF, Zscaler/Proxies

KPIs & SLAs
• Mean Time to Detect (MTTD) and Mean Time to Respond/Recover (MTTR).
• False positive rate and alert quality index.
• Detection/use-case coverage (% of prioritized threat scenarios).
• Log source coverage and health (% of critical sources onboarded and healthy).
• Vulnerability remediation SLA compliance and risk reduction trends.

Information at a Glance

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Benefits

At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to:
• Industry-benchmarked compensation
• Best-in-class healthcare benefits
• Personal time off
• Maternity and paternity benefits
• Access to skills / higher education programs and resources
• Discounts on products and services via Benefit Box
• Participation in CSR programs and living life with a purpose
• Opportunities to grow and advance your career

Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.